VeraCrypt

Documentation >> Frequently Asked Questions

Frequently Asked Questions

Last Updated July 2nd, 2017
This document is not guaranteed to be error-free and is provided "as is" without warranty of any kind. For more information, see Disclaimers.
Can TrueCrypt and VeraCrypt be running on the same machine?
Yes. There are generally no conflicts between TrueCrypt and VeraCrypt, thus they can be installed and used on the same machine. On Windows however, if they are both used to mount the same volume, two drives may appear when mounting it. This can be solved by running the following command in an elevated command prompt (using Run as an administrator) before mounting any volume: mountvol.exe /r.
Can I use my TrueCrypt volumes in VeraCrypt?
Yes. Starting from version 1.0f, VeraCrypt supports mounting TrueCrypt volumes.
Can I convert my TrueCrypt volumes to VeraCrypt format?
Yes. Starting from version 1.0f, VeraCrypt offers the possibility to convert TrueCrypt containers and non-system partitions to VeraCrypt format. This can achieved using the "Change Volume Password" or "Set Header Key Derivation Algorithm" actions. Just check the "TrueCrypt Mode", enter you TrueCrypt password and perform the operation. After that, you volume will have the VeraCrypt format.
Before doing the conversion, it is advised to backup the volume header using TrueCrypt. You can delete this backup safely once the conversion is done and after checking that the converted volume is mounted properly by VeraCrypt.
What's the difference between TrueCrypt and VeraCrypt?
VeraCrypt adds enhanced security to the algorithms used for system and partitions encryption making it immune to new developments in brute-force attacks.
It also solves many vulnerabilities and security issues found in TrueCrypt.
As an example, when the system partition is encrypted, TrueCrypt uses PBKDF2-RIPEMD160 with 1000 iterations whereas in VeraCrypt we use 327661. And for standard containers and other partitions, TrueCrypt uses at most 2000 iterations but VeraCrypt uses 655331 for RIPEMD160 and 500000 iterations for SHA-2 and Whirlpool.
This enhanced security adds some delay only to the opening of encrypted partitions without any performance impact to the application use phase. This is acceptable to the legitimate owner but it makes it much harder for an attacker to gain access to the encrypted data.

I forgot my password – is there any way ('backdoor') to recover the files from my VeraCrypt volume?
We have not implemented any 'backdoor' in VeraCrypt (and will never implement any even if asked to do so by a government agency), because it would defeat the purpose of the software. VeraCrypt does not allow decryption of data without knowing the correct password or key. We cannot recover your data because we do not know and cannot determine the password you chose or the key you generated using VeraCrypt. The only way to recover your files is to try to "crack" the password or the key, but it could take thousands or millions of years (depending on the length and quality of the password or keyfiles, on the software/hardware performance, algorithms, and other factors). Back in 2010, there was news about the FBI failing to decrypt a TrueCrypt volume after a year of trying. While we can't verify if this is true or just a "psy-op" stunt, in VeraCrypt we have increased the security of the key derivation to a level where any brute-force of the password is virtually impossible, provided that all security requirements are respected.

Is there a "Quick Start Guide" or some tutorial for beginners?
Yes. The first chapter, Beginner's Tutorial, in the VeraCrypt User Guide contains screenshots and step-by-step instructions on how to create, mount, and use a VeraCrypt volume.

Can I encrypt a partition/drive where Windows is installed?
Yes, see the chapter System Encryption in the VeraCrypt User Guide.
The system encryption Pre Test fails because the bootloader hangs with the messaging "booting" after successfully verifying the password. How to make the Pre Test succeed?
There two known workarounds for this issue (Both require having a Windows Installation disk):
  1. Boot your machine using a Windows Installation disk and select to repair your computer. Choose "Command Prompt" option and when it opens, type the commands below and then restart your system:
    • BootRec /fixmbr
    • BootRec /FixBoot
  2. Delete the 100 MB System Reserved partition located at the beginning of your drive and set the system partition next to it as the active partition (both can be done using diskpart utility available in Windows Installation disk repair option). After that, run Startup Repair after rebooting on Windows Installation disk. The following link contains detailed instructions: https://www.sevenforums.com/tutorials/71363-system-reserved-partition-delete.html
The system encryption Pre Test fails even though the password was correctly entered in the bootloader. How to make the Pre Test succeed?
This can be caused by the TrueCrypt driver that clears BIOS memory before VeraCrypt is able to read it. In this case, uninstalling TrueCrypt solves the issue.
This can also be caused by some hardware drivers and other software that access BIOS memory. There is no generic solution for this and affected users should identify such software and remove it from the system.

Can I directly play a video (.avi, .mpg, etc.) stored on a VeraCrypt volume?
Yes, VeraCrypt-encrypted volumes are like normal disks. You provide the correct password (and/or keyfile) and mount (open) the VeraCrypt volume. When you double click the icon of the video file, the operating system launches the application associated with the file type – typically a media player. The media player then begins loading a small initial portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) in order to play it. While the portion is being loaded, VeraCrypt is automatically decrypting it (in RAM). The decrypted portion of the video (stored in RAM) is then played by the media player. While this portion is being played, the media player begins loading another small portion of the video file from the VeraCrypt-encrypted volume to RAM (memory) and the process repeats.

The same goes for video recording: Before a chunk of a video file is written to a VeraCrypt volume, VeraCrypt encrypts it in RAM and then writes it to the disk. This process is called on-the-fly encryption/decryption and it works for all file types (not only for video files).

Will VeraCrypt be open-source and free forever?
Yes, it will. We will never create a commercial version of VeraCrypt, as we believe in open-source and free security software.

Is it possible to donate to the VeraCrypt project?
Yes. You can use the donation buttons at https://www.veracrypt.fr/en/donation/.

Why is VeraCrypt open-source? What are the advantages?
As the source code for VeraCrypt is publicly available, independent researchers can verify that the source code does not contain any security flaw or secret 'backdoor'. If the source code were not available, reviewers would need to reverse-engineer the executable files. However, analyzing and understanding such reverse-engineered code is so difficult that it is practically impossible to do (especially when the code is as large as the VeraCrypt code).

Remark: A similar problem also affects cryptographic hardware (for example, a self-encrypting storage device). It is very difficult to reverse-engineer it to verify that it does not contain any security flaw or secret 'backdoor'.

VeraCrypt is open-source, but has anybody actually reviewed the source code?
Yes. An audit has been performed by Quarkslab. The technical report can be downloaded from here. VeraCrypt 1.19 addressed the issues found by this audit.

As VeraCrypt is open-source software, independent researchers can verify that the source code does not contain any security flaw or secret 'backdoor'. Can they also verify that the official executable files were built from the published source code and contain no additional code?
Yes, they can. In addition to reviewing the source code, independent researchers can compile the source code and compare the resulting executable files with the official ones. They may find some differences (for example, timestamps or embedded digital signatures) but they can analyze the differences and verify that they do not form malicious code.

How can I use VeraCrypt on a USB flash drive?
You have three options:
  1. Encrypt the entire USB flash drive. However, you will not be able run VeraCrypt from the USB flash drive.
  2. Create two or more partitions on your USB flash drive. Leave the first partition non encrypted and encrypt the other partition(s). You can store VeraCrypt on the first partition in order to run it directly from the USB flash drive.
    Note: Windows can only access the primary partition of a USB flash drive, nevertheless the extra partitions remain accessible through VeraCrypt.
  3. Create a VeraCrypt file container on the USB flash drive (for information on how to do so, see the chapter Beginner's Tutorial, in the VeraCrypt User Guide). If you leave enough space on the USB flash drive (choose an appropriate size for the VeraCrypt container), you will also be able to store VeraCrypt on the USB flash drive (along with the container – not in the container) and you will be able to run VeraCrypt from the USB flash drive (see also the chapter Portable Mode in the VeraCrypt User Guide).

Does VeraCrypt also encrypt file names and folder names?
Yes. The entire file system within a VeraCrypt volume is encrypted (including file names, folder names, and contents of every file). This applies to both types of VeraCrypt volumes – i.e., to file containers (virtual VeraCrypt disks) and to VeraCrypt-encrypted partitions/devices.

Does VeraCrypt use parallelization?
Yes. Increase in encryption/decryption speed is directly proportional to the number of cores/processors your computer has. For more information, please see the chapter Parallelization in the documentation.

Can data be read from and written to an encrypted volume/drive as fast as if the drive was not encrypted?
Yes, since VeraCrypt uses pipelining and parallelization. For more information, please see the chapters Pipelining and Parallelization in the documentation.

Does VeraCrypt support hardware-accelerated encryption?
Yes. For more information, please see the chapter Hardware Acceleration in the documentation.

Is it possible to boot Windows installed in a hidden VeraCrypt volume?
Yes, it is. For more information, please see the section Hidden Operating System in the documentation.

Will I be able to mount my VeraCrypt volume (container) on any computer?
Yes, VeraCrypt volumes are independent of the operating system. You will be able to mount your VeraCrypt volume on any computer on which you can run VeraCrypt (see also the question 'Can I use VeraCrypt on Windows if I do not have administrator privileges?').

Can I unplug or turn off a hot-plug device (for example, a USB flash drive or USB hard drive) when there is a mounted VeraCrypt volume on it?
Before you unplug or turn off the device, you should always dismount the VeraCrypt volume in VeraCrypt first, and then perform the 'Eject' operation if available (right-click the device in the 'Computer' or 'My Computer' list), or use the 'Safely Remove Hardware' function (built in Windows, accessible via the taskbar notification area). Otherwise, data loss may occur.

What is a hidden operating system?
See the section Hidden Operating System in the documentation.

What is plausible deniability?
See the chapter Plausible Deniability in the documentation.

Will I be able to mount my VeraCrypt partition/container after I reinstall or upgrade the operating system?
Yes, VeraCrypt volumes are independent of the operating system. However, you need to make sure your operating system installer does not format the partition where your VeraCrypt volume resides.

Note: If the system partition/drive is encrypted and you want to reinstall or upgrade Windows, you need to decrypt it first (select System > Permanently Decrypt System Partition/Drive). However, a running operating system can be updated (security patches, service packs, etc.) without any problems even when the system partition/drive is encrypted.

Can I upgrade from an older version of VeraCrypt to the latest version without any problems?
Generally, yes. However, before upgrading, please read the release notes for all versions of VeraCrypt that have been released since your version was released. If there are any known issues or incompatibilities related to upgrading from your version to a newer one, they will be listed in the release notes.

Can I upgrade VeraCrypt if the system partition/drive is encrypted or do I have to decrypt it first?
Generally, you can upgrade to the latest version without decrypting the system partition/drive (just run the VeraCrypt installer and it will automatically upgrade VeraCrypt on the system). However, before upgrading, please read the release notes for all versions of VeraCrypt that have been released since your version was released. If there are any known issues or incompatibilities related to upgrading from your version to a newer one, they will be listed in the release notes. Note that this FAQ answer is also valid for users of a hidden operating system. Also note that you cannot downgrade VeraCrypt if the system partition/drive is encrypted.

I use pre-boot authentication. Can I prevent a person (adversary) that is watching me start my computer from knowing that I use VeraCrypt?
Yes. To do so, boot the encrypted system, start VeraCrypt, select Settings > System Encryption, enable the option 'Do not show any texts in the pre-boot authentication screen' and click OK. Then, when you start the computer, no texts will be displayed by the VeraCrypt boot loader (not even when you enter the wrong password). The computer will appear to be "frozen" while you can type your password. It is, however, important to note that if the adversary can analyze the content of the hard drive, he can still find out that it contains the VeraCrypt boot loader.

I use pre-boot authentication. Can I configure the VeraCrypt Boot Loader to display only a fake error message?
Yes. To do so, boot the encrypted system, start VeraCrypt, select Settings > System Encryption, enable the option 'Do not show any texts in the pre-boot authentication screen' and enter the fake error message in the corresponding field (for example, the "Missing operating system" message, which is normally displayed by the Windows boot loader if it finds no Windows boot partition). It is, however, important to note that if the adversary can analyze the content of the hard drive, he can still find out that it contains the VeraCrypt boot loader.

Can I configure VeraCrypt to mount automatically whenever Windows starts a non-system VeraCrypt volume that uses the same password as my system partition/drive (i.e. my pre-boot authentication password)?
Yes. To do so, follow these steps:
  1. Mount the volume (to the drive letter to which you want it to be mounted every time).
  2. Right-click the mounted volume in the drive list in the main VeraCrypt window and select 'Add to System Favorites'.
  3. The System Favorites Organizer window should appear now. In this window, enable the option 'Mount system favorite volumes when Windows starts' and click OK.
For more information, see the chapter System Favorite Volumes.

Can a volume be automatically mounted whenever I log on to Windows?
Yes. To do so, follow these steps:
  1. Mount the volume (to the drive letter to which you want it to be mounted every time).
  2. Right-click the mounted volume in the drive list in the main VeraCrypt window and select 'Add to Favorites'.
  3. The Favorites Organizer window should appear now. In this window, enable the option 'Mount selected volume upon logon' and click OK.
Then, when you log on to Windows, you will be asked for the volume password (and/or keyfiles) and if it is correct, the volume will be mounted.

Alternatively, if the volumes are partition/device-hosted and if you do not need to mount them to particular drive letters every time, you can follow these steps:
  1. Select Settings > Preferences. The Preferences window should appear now.
  2. In the section 'Actions to perform upon logon to Windows', enable the option 'Mount all devices-hosted VeraCrypt volumes' and click OK.
Note: VeraCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (Settings > 'System Encryption') and the volumes use the same password as the system partition/drive.

Can a volume be automatically mounted whenever its host device gets connected to the computer?
Yes. For example, if you have a VeraCrypt container on a USB flash drive and you want VeraCrypt to mount it automatically when you insert the USB flash drive into the USB port, follow these steps:
  1. Mount the volume (to the drive letter to which you want it to be mounted every time).
  2. Right-click the mounted volume in the drive list in the main VeraCrypt window and select 'Add to Favorites'.
  3. The Favorites Organizer window should appear now. In this window, enable the option 'Mount selected volume when its host device gets connected' and click OK.
Then, when you insert the USB flash drive into the USB port, you will be asked for the volume password (and/or keyfiles) (unless it is cached) and if it is correct, the volume will be mounted.

Note: VeraCrypt will not prompt you for a password if you have enabled caching of the pre-boot authentication password (Settings > 'System Encryption') and the volume uses the same password as the system partition/drive.

Can my pre-boot authentication password be cached so that I can use it mount non-system volumes during the session?
Yes. Select Settings > 'System Encryption' and enable the following option: 'Cache pre-boot authentication password in driver memory'.

I live in a country that violates basic human rights of its people. Is it possible to use VeraCrypt without leaving any 'traces' on unencrypted Windows?
Yes. This can be achieved by running VeraCrypt in portable mode under BartPE or in a similar environment. BartPE stands for "Bart's Preinstalled Environment", which is essentially the Windows operating system prepared in a way that it can be entirely stored on and booted from a CD/DVD (registry, temporary files, etc., are stored in RAM – hard drive is not used at all and does not even have to be present). The freeware Bart's PE Builder can transform a Windows XP installation CD into a BartPE CD. Note that you do not even need any special VeraCrypt plug-in for BartPE. Follow these steps:
  1. Create a BartPE CD and boot it. (Note: You must perform each of the following steps from within BartPE.)
  2. Download the VeraCrypt self-extracting package to the RAM disk (which BartPE automatically creates).

    Note: If the adversary can intercept data you send or receive over the Internet and you need to prevent the adversary from knowing you downloaded VeraCrypt, consider downloading it via I2P, Tor, or a similar anonymizing network.
  3. Verify the digital signatures of the downloaded file (see this section of the documentation for more information).
  4. Run the downloaded file, and select Extract (instead of Install) on the second page of the VeraCrypt Setup wizard. Extract the contents to the RAM disk.
  5. Run the file VeraCrypt.exe from the RAM disk.
Note: You may also want to consider creating a hidden operating system (see the section Hidden Operating System in the documentation). See also the chapter Plausible Deniability.

Can I encrypt my system partition/drive if I don't have a US keyboard?
Yes, VeraCrypt supports all keyboard layouts. Because of BIOS requirement, the pre-boot password is typed using US keyboard layout. During the system encryption process, VeraCrypt automatically and transparently switches the keyboard to US layout in order to ensure that the password value typed will match the one typed in pre-boot mode. Thus, in order to avoid wrong password errors, one must type the password using the same keys as when creating the system encryption.

Can I save data to the decoy system partition without risking damage to the hidden system partition?
Yes. You can write data to the decoy system partition anytime without any risk that the hidden volume will get damaged (because the decoy system is not installed within the same partition as the hidden system). For more information, see the section Hidden Operating System in the documentation.

Can I use VeraCrypt on Windows if I do not have administrator privileges?
See the chapter 'Using VeraCrypt Without Administrator Privileges' in the documentation.

Does VeraCrypt save my password to a disk?
No.

How does VeraCrypt verify that the correct password was entered?
See the section Encryption Scheme (chapter Technical Details) in the documentation.

Can I encrypt a partition/drive without losing the data currently stored on it?
Yes, but the following conditions must be met:

Can I run VeraCrypt if I don't install it?
Yes, see the chapter Portable Mode in the VeraCrypt User Guide.

Some encryption programs use TPM to prevent attacks. Will VeraCrypt use it too?
No. Those programs use TPM to protect against attacks that require the attacker to have administrator privileges, or physical access to the computer, and the attacker needs you to use the computer after such an access. However, if any of these conditions is met, it is actually impossible to secure the computer (see below) and, therefore, you must stop using it (instead of relying on TPM).

If the attacker has administrator privileges, he can, for example, reset the TPM, capture the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer).

If the attacker can physically access the computer hardware (and you use it after such an access), he can, for example, attach a malicious component to it (such as a hardware keystroke logger) that will capture the password, the content of RAM (containing master keys) or content of files stored on mounted VeraCrypt volumes (decrypted on the fly), which can then be sent to the attacker over the Internet or saved to an unencrypted local drive (from which the attacker might be able to read it later, when he gains physical access to the computer again).

The only thing that TPM is almost guaranteed to provide is a false sense of security (even the name itself, "Trusted Platform Module", is misleading and creates a false sense of security). As for real security, TPM is actually redundant (and implementing redundant features is usually a way to create so-called bloatware).

For more information, please see the sections Physical Security and Malware in the documentation.

Do I have to dismount VeraCrypt volumes before shutting down or restarting Windows?
No. VeraCrypt automatically dismounts all mounted VeraCrypt volumes on system shutdown/restart.

Which type of VeraCrypt volume is better – partition or file container?
File containers are normal files so you can work with them as with any normal files (file containers can be, for example, moved, renamed, and deleted the same way as normal files). Partitions/drives may be better as regards performance. Note that reading and writing to/from a file container may take significantly longer when the container is heavily fragmented. To solve this problem, defragment the file system in which the container is stored (when the VeraCrypt volume is dismounted).

What's the recommended way to back up a VeraCrypt volume?
See the chapter How to Back Up Securely in the documentation.

What will happen if I format a VeraCrypt partition?
See the question 'Is it possible to change the file system of an encrypted volume?'

Is it possible to change the file system of an encrypted volume?
Yes, when mounted, VeraCrypt volumes can be formatted as FAT12, FAT16, FAT32, NTFS, or any other file system. VeraCrypt volumes behave as standard disk devices so you can right-click the device icon (for example in the 'Computer' or 'My Computer' list) and select 'Format'. The actual volume contents will be lost. However, the whole volume will remain encrypted. If you format a VeraCrypt-encrypted partition when the VeraCrypt volume that the partition hosts is not mounted, then the volume will be destroyed, and the partition will not be encrypted anymore (it will be empty).

Is it possible to mount a VeraCrypt container that is stored on a CD or DVD?
Yes. However, if you need to mount a VeraCrypt volume that is stored on a read-only medium (such as a CD or DVD) under Windows 2000, the file system within the VeraCrypt volume must be FAT (Windows 2000 cannot mount an NTFS file system on read-only media).

Is it possible to change the password for a hidden volume?
Yes, the password change dialog works both for standard and hidden volumes. Just type the password for the hidden volume in the 'Current Password' field of the 'Volume Password Change' dialog.
Remark: VeraCrypt first attempts to decrypt the standard volume header and if it fails, it attempts to decrypt the area within the volume where the hidden volume header may be stored (if there is a hidden volume within). In case it is successful, the password change applies to the hidden volume. (Both attempts use the password typed in the 'Current Password' field.)

When I use HMAC-RIPEMD-160, is the size of the header encryption key only 160 bits?
No, VeraCrypt never uses an output of a hash function (nor of a HMAC algorithm) directly as an encryption key. See the section Header Key Derivation, Salt, and Iteration Count in the documentation for more information.

How do I burn a VeraCrypt container larger than 2 GB onto a DVD?

The DVD burning software you use should allow you to select the format of the DVD. If it does, select the UDF format (ISO format does not support files larger than 2 GB).

Can I use tools like chkdsk, Disk Defragmenter, etc. on the contents of a mounted VeraCrypt volume?
Yes, VeraCrypt volumes behave like real physical disk devices, so it is possible to use any filesystem checking/repairing/defragmenting tools on the contents of a mounted VeraCrypt volume.

Does VeraCrypt support 64-bit versions of Windows?
Yes, it does. Note: 64-bit versions of Windows load only drivers that are digitally signed with a digital certificate issued by a certification authority approved for issuing kernel-mode code signing certificates. VeraCrypt complies with this requirement (the VeraCrypt driver is digitally signed with the digital certificate of IDRIX, which was issued by the certification authority Thawte).

Can I mount my VeraCrypt volume under Windows, Mac OS X, and Linux?
Yes, VeraCrypt volumes are fully cross-platform.
How can I uninstall VeraCrypt on Linux?
To uninstall VeraCrypt on Linux, run the following command in Terminal as root: veracrypt-uninstall.sh. On Ubuntu, you can use "sudo veracrypt-uninstall.sh".

Is there a list of all operating systems that VeraCrypt supports?
Yes, see the chapter Supported Operating Systems in the VeraCrypt User Guide.

Is it possible to install an application to a VeraCrypt volume and run it from there?
Yes.

What will happen when a part of a VeraCrypt volume becomes corrupted?
In encrypted data, one corrupted bit usually corrupts the whole ciphertext block in which it occurred. The ciphertext block size used by VeraCrypt is 16 bytes (i.e., 128 bits). The mode of operation used by VeraCrypt ensures that if data corruption occurs within a block, the remaining blocks are not affected. See also the question 'What do I do when the encrypted filesystem on my VeraCrypt volume is corrupted?

What do I do when the encrypted filesystem on my VeraCrypt volume is corrupted?
File system within a VeraCrypt volume may become corrupted in the same way as any normal unencrypted file system. When that happens, you can use filesystem repair tools supplied with your operating system to fix it. In Windows, it is the 'chkdsk' tool. VeraCrypt provides an easy way to use this tool on a VeraCrypt volume: Right-click the mounted volume in the main VeraCrypt window (in the drive list) and from the context menu select 'Repair Filesystem'.

We use VeraCrypt in a corporate/enterprise environment. Is there a way for an administrator to reset a volume password or pre-boot authentication password when a user forgets it (or loses a keyfile)?
Yes. Note that there is no "backdoor" implemented in VeraCrypt. However, there is a way to "reset" volume passwords/keyfiles and pre-boot authentication passwords. After you create a volume, back up its header to a file (select Tools -> Backup Volume Header) before you allow a non-admin user to use the volume. Note that the volume header (which is encrypted with a header key derived from a password/keyfile) contains the master key with which the volume is encrypted. Then ask the user to choose a password, and set it for him/her (Volumes -> Change Volume Password); or generate a user keyfile for him/her. Then you can allow the user to use the volume and to change the password/keyfiles without your assistance/permission. In case he/she forgets his/her password or loses his/her keyfile, you can "reset" the volume password/keyfiles to your original admin password/keyfiles by restoring the volume header from the backup file (Tools -> Restore Volume Header).

Similarly, you can reset a pre-boot authentication password. To create a backup of the master key data (that will be stored on a VeraCrypt Rescue Disk and encrypted with your administrator password), select 'System' > 'Create Rescue Disk'. To set a user pre-boot authentication password, select 'System' > 'Change Password'. To restore your administrator password, boot the VeraCrypt Rescue Disk, select 'Repair Options' > 'Restore key data' and enter your administrator password.
Note: It is not required to burn each VeraCrypt Rescue Disk ISO image to a CD/DVD. You can maintain a central repository of ISO images for all workstations (rather than a repository of CDs/DVDs). For more information see the section Command Line Usage (option /noisocheck).

Can our commercial company use VeraCrypt free of charge?
Provided that you comply with the terms and conditions of the VeraCrypt License, you can install and run VeraCrypt free of charge on an arbitrary number of your computers.

We share a volume over a network. Is there a way to have the network share automatically restored when the system is restarted?
Please see the chapter 'Sharing over Network' in the VeraCrypt User Guide.

It is possible to access a single VeraCrypt volume simultaneously from multiple operating systems (for example, a volume shared over a network)?
Please see the chapter 'Sharing over Network' in the VeraCrypt User Guide.

Can a user access his or her VeraCrypt volume via a network?
Please see the chapter 'Sharing over Network' in the VeraCrypt User Guide.

I encrypted a non-system partition, but its original drive letter is still visible in the 'My Computer' list. When I double click this drive letter, Windows asks if I want to format the drive. Is there a way to hide or free this drive letter?
Yes, to free the drive letter follow these steps:
  1. Right-click the 'Computer' (or 'My Computer') icon on your desktop or in the Start Menu and select Manage. The 'Computer Management' window should appear.
  2. From the list on the left, select 'Disk Management' (within the Storage sub-tree).
  3. Right-click the encrypted partition/device and select Change Drive Letter and Paths.
  4. Click Remove.
  5. If Windows prompts you to confirm the action, click Yes.

When I plug in my encrypted USB flash drive, Windows asks me if I want to format it. Is there a way to prevent that?
Yes, but you will need to remove the drive letter assigned to the device. For information on how to do so, see the question 'I encrypted a non-system partition, but its original drive letter is still visible in the 'My Computer' list.'

How do I remove or undo encryption if I do not need it anymore? How do I permanently decrypt a volume?
Please see the section 'How to Remove Encryption' in the VeraCrypt User Guide.

What will change when I enable the option 'Mount volumes as removable media'?
Please see the section 'Volume Mounted as Removable Medium' in the VeraCrypt User Guide.

Is the online documentation available for download as a single file?
Yes, the documentation is contained in the file VeraCrypt User Guide.chm that is included in official VeraCrypt installer for Windows. You can also download the CHM using the link available at the home page https://www.veracrypt.fr/en/downloads/. Note that you do not have to install VeraCrypt to obtain the CHM documentation. Just run the self-extracting installation package and then select Extract (instead of Install) on the second page of the VeraCrypt Setup wizard. Also note that when you do install VeraCrypt, the CHM documentation is automatically copied to the folder to which VeraCrypt is installed, and is accessible via the VeraCrypt user interface (by pressing F1 or choosing Help > User's Guide).

Do I have to "wipe" free space and/or files on a VeraCrypt volume?
Remark: to "wipe" = to securely erase; to overwrite sensitive data in order to render them unrecoverable.

If you believe that an adversary will be able to decrypt the volume (for example that he will make you reveal the password), then the answer is yes. Otherwise, it is not necessary, because the volume is entirely encrypted.

How does VeraCrypt know which encryption algorithm my VeraCrypt volume has been encrypted with?
Please see the section Encryption Scheme (chapter Technical Details) in the documentation.
How can I perform a Windows built-in backup on a VeraCrypt volume? The VeraCrypt volume doesn't show up in the list of available backup paths.
Windows built-in backup utility looks only for physical driver, that's why it doesn't display the VeraCrypt volume. Nevertheless, you can still backup on a VeraCrypt volume by using a trick: activate sharing on the VeraCrypt volume through Explorer interface (of course, you have to put the correct permission to avoid unauthorized access) and then choose the option "Remote shared folder" (it is not remote of course but Windows needs a network path). There you can type the path of the shared drive (for example \\ServerName\sharename) and the backup will be configured correctly.
Is the encryption used by VeraCrypt vulnerable to Quantum attacks?
VeraCrypt uses block ciphers (AES, Serpent, Twofish) for its encryption. Quantum attacks against these block ciphers are just a faster brute-force since the best know attack against these algorithms is exhaustive search (related keys attacks are irrelevant to our case because all keys are random and independent from each other).
Since VeraCrypt always uses 256-bit random and independent keys, we are assured of a 128-bit security
level against quantum algorithms which makes VeraCrypt encryption immune to such attacks.
How to make a VeraCrypt volume available for Windows Search indexing?
In order to be able to index a VeraCrypt volume through Windows Search, the volume must be mounted at boot time (System Favorite) or the Windows Search services must be restart after the volume is mounted. This is needed because Windows Search can only index drives that are available when it starts.
I haven't found any answer to my question in the FAQ – what should I do?
Please search the VeraCrypt documentation and website.
+{
+ OPENFILENAMEW ofn;
+ wchar_t file[TC_MAX_PATH] = { 0 };
+ wchar_t filter[1024];
+ BOOL status = FALSE;
+
+ CoInitialize (NULL);
+
+ ZeroMemory (&ofn, sizeof (ofn));
+
+ if (initialDir)
+ {
+ ofn.lpstrInitialDir = initialDir;
+ }
+
+ ofn.lStructSize = sizeof (ofn);
+ ofn.hwndOwner = hwndDlg;
+ StringCbPrintfW (filter, sizeof(filter), L"%ls (*.*)%c*.*%c",
+ GetString ("ALL_FILES"), 0, 0);
+ ofn.lpstrFilter = filter;
+ ofn.nFilterIndex = 1;
+ ofn.lpstrFile = NULL;
+ ofn.nMaxFile = sizeof (file) / sizeof (file[0]);
+ ofn.lpstrTitle = GetString (stringId);
+ ofn.lpstrDefExt = NULL;
+ ofn.Flags = OFN_HIDEREADONLY
+ | OFN_PATHMUSTEXIST
+ | OFN_DONTADDTORECENT;
+
+ SystemFileSelectorCallerThreadId = GetCurrentThreadId();
+ SystemFileSelectorCallPending = TRUE;
+
+ if (!GetOpenFileNameW (&ofn))
+ goto ret;
+
+ SystemFileSelectorCallPending = FALSE;
+
+ status = TRUE;
+
+ret:
+ SystemFileSelectorCallPending = FALSE;
+ ResetCurrentDirectory();
+ CoUninitialize();
+
+ return status;
+}
BOOL BrowseFilesInDir (HWND hwndDlg, char *stringId, wchar_t *initialDir, wchar_t *lpszFileName, BOOL keepHistory, BOOL saveMode, wchar_t *browseFilter, const wchar_t *initialFileName, const wchar_t *defaultExtension)
{
OPENFILENAMEW ofn;
wchar_t file[TC_MAX_PATH] = { 0 };
wchar_t filter[1024];
BOOL status = FALSE;
CoInitialize (NULL);
@@ -9975,22 +10029,20 @@ BOOL PrintHardCopyTextUTF16 (wchar_t *text, wchar_t *title, size_t textByteLen)
WaitCursor ();
ShellExecute (NULL, L"open", filename, cl, NULL, SW_HIDE);
Sleep (6000);
NormalCursor();
_wremove (path);
return TRUE;
}
-
-
BOOL IsNonInstallMode ()
{
HKEY hkey, hkeybis;
DWORD dw;
WCHAR szBuffer[512];
DWORD dwBufferSize = sizeof(szBuffer);
std::wstring msiProductGUID;
if (bPortableModeConfirmed)
return TRUE;
@@ -10075,21 +10127,20 @@ BOOL IsNonInstallMode ()
// Configuration" from the Windows boot menu).
if (RegOpenKeyEx (HKEY_LOCAL_MACHINE, L"Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\VeraCrypt", 0, KEY_READ | KEY_WOW64_32KEY, &hkey) == ERROR_SUCCESS)
{
RegCloseKey (hkey);
return FALSE;
}
else
return TRUE;
}
-
LRESULT SetCheckBox (HWND hwndDlg, int dlgItem, BOOL state)
{
return SendDlgItemMessage (hwndDlg, dlgItem, BM_SETCHECK, state ? BST_CHECKED : BST_UNCHECKED, 0);
}
BOOL GetCheckBox (HWND hwndDlg, int dlgItem)
{
return IsButtonChecked (GetDlgItem (hwndDlg, dlgItem));
}
@@ -11616,33 +11667,33 @@ BOOL CALLBACK FindTCWindowEnum (HWND hwnd, LPARAM lParam)
}
}
return TRUE;
}
BYTE *MapResource (wchar_t *resourceType, int resourceId, PDWORD size)
{
HGLOBAL hResL;
HRSRC hRes;
- HINSTANCE hResInst = NULL;
+ HINSTANCE hResInst = NULL;
#ifdef SETUP_DLL
// In case we're being called from the SetupDLL project, FindResource()
// and LoadResource() with NULL will fail since we're in a DLL. We need
// to call them with the HINSTANCE of the DLL instead, which we set in
// Setup.c of SetupDLL, DllMain() function.
hResInst = hInst;
#endif
hRes = FindResource (hResInst, MAKEINTRESOURCE(resourceId), resourceType);
hResL = LoadResource (hResInst, hRes);
-
+
if (size != NULL)
*size = SizeofResource (hResInst, hRes);
return (BYTE *) LockResource (hResL);
}
void InconsistencyResolved (char *techInfo)
{
wchar_t finalMsg[8024];
diff --git a/src/Common/Dlgcode.h b/src/Common/Dlgcode.h
index 362b2d6d..d9bc3374 100644
--- a/src/Common/Dlgcode.h
+++ b/src/Common/Dlgcode.h
@@ -275,20 +275,23 @@ typedef NTSTATUS (WINAPI *NtQuerySystemInformationFn)(
#define DEFAULT_VOL_CREATION_WIZARD_MODE WIZARD_MODE_FILE_CONTAINER
#define ICON_HAND MB_ICONHAND
#define YES_NO MB_YESNO
#define ISO_BURNER_TOOL L"isoburn.exe"
#define PRINT_TOOL L"notepad.exe"
+
+BOOL CheckIsIMESupported ();
+
void InitGlobalLocks ();
void FinalizeGlobalLocks ();
void cleanup ( void );
void LowerCaseCopy ( wchar_t *lpszDest , const wchar_t *lpszSource );
void UpperCaseCopy ( wchar_t *lpszDest , size_t cbDest, const wchar_t *lpszSource );
BOOL IsNullTerminateString (const wchar_t* str, size_t cbSize);
void CreateFullVolumePath ( wchar_t *lpszDiskFile , size_t cbDiskFile, const wchar_t *lpszFileName , BOOL *bDevice );
int FakeDosNameForDevice ( const wchar_t *lpszDiskFile , wchar_t *lpszDosDevice , size_t cbDosDevice, wchar_t *lpszCFDevice , size_t cbCFDevice, BOOL bNameOnly );
int RemoveFakeDosName ( wchar_t *lpszDiskFile , wchar_t *lpszDosDevice );
void AbortProcessDirect ( wchar_t *abortMsg );
@@ -367,20 +370,21 @@ BOOL CALLBACK TextInfoDialogBoxDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, L
char * GetLegalNotices ();
BOOL CALLBACK BenchmarkDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
void UserEnrichRandomPool (HWND hwndDlg);
BOOL CALLBACK KeyfileGeneratorDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
BOOL CALLBACK MultiChoiceDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lParam);
int DriverAttach ( void );
BOOL CALLBACK CipherTestDialogProc ( HWND hwndDlg , UINT uMsg , WPARAM wParam , LPARAM lParam );
void ResetCipherTest ( HWND hwndDlg , int idTestCipher );
void ResetCurrentDirectory ();
BOOL BrowseFiles (HWND hwndDlg, char *stringId, wchar_t *lpszFileName, BOOL keepHistory, BOOL saveMode, wchar_t *browseFilter);
+BOOL BrowseFile (HWND hwndDlg, char *stringId, wchar_t *initialDir);
BOOL BrowseDirectories (HWND hWnd, char *lpszTitle, wchar_t *dirName);
void handleError ( HWND hwndDlg , int code, const char* srcPos );
BOOL CheckFileStreamWriteErrors (HWND hwndDlg, FILE *file, const wchar_t *fileName);
void LocalizeDialog ( HWND hwnd, char *stringId );
void OpenVolumeExplorerWindow (int driveNo);
static BOOL CALLBACK CloseVolumeExplorerWindowsEnum( HWND hwnd, LPARAM driveNo);
BOOL CloseVolumeExplorerWindows (HWND hwnd, int driveNo);
BOOL UpdateDriveCustomLabel (int driveNo, wchar_t* effectiveLabel, BOOL bSetValue);
BOOL CheckCapsLock (HWND hwnd, BOOL quiet);
BOOL CheckFileExtension (wchar_t *fileName);
diff --git a/src/Common/Language.xml b/src/Common/Language.xml
index e4ceac7a..9ac6ce1b 100644
--- a/src/Common/Language.xml
+++ b/src/Common/Language.xml
@@ -1,18 +1,19 @@
<?xml version="1.0" encoding="utf-8"?>
<VeraCrypt>
<localization prog-version="1.24-Update8">
<language langid="en" name="English" en-name="English" version="0.0.0" translators="TrueCrypt/VeraCrypt Teams" />
<font lang="en" class="normal" size="11" face="default" />
<font lang="en" class="bold" size="13" face="Arial" />
<font lang="en" class="fixed" size="12" face="Lucida Console" />
<font lang="en" class="title" size="21" face="Times New Roman" />
+
<entry lang="en" key="IDCANCEL">Cancel</entry>
<entry lang="en" key="IDC_ALL_USERS">Install &amp;for all users</entry>
<entry lang="en" key="IDC_BROWSE">Bro&amp;wse...</entry>
<entry lang="en" key="IDC_DESKTOP_ICON">Add VeraCrypt icon to &amp;desktop</entry>
<entry lang="en" key="IDC_DONATE">Donate now...</entry>
<entry lang="en" key="IDC_FILE_TYPE">Associate the .hc file &amp;extension with VeraCrypt</entry>
<entry lang="en" key="IDC_OPEN_CONTAINING_FOLDER">&amp;Open the destination location when finished</entry>
<entry lang="en" key="IDC_PROG_GROUP">Add VeraCrypt to &amp;Start menu</entry>
<entry lang="en" key="IDC_SYSTEM_RESTORE">Create System &amp;Restore point</entry>
<entry lang="en" key="IDC_UNINSTALL">&amp;Uninstall</entry>
@@ -51,33 +52,33 @@
<entry lang="en" key="IDC_MB">&amp;MiB</entry>
<entry lang="en" key="IDC_MORE_INFO_ON_CONTAINERS">More information</entry>
<entry lang="en" key="IDC_MORE_INFO_ON_SYS_ENCRYPTION">More information about system encryption</entry>
<entry lang="en" key="IDC_MORE_INFO_SYS_ENCRYPTION">More information</entry>
<entry lang="en" key="IDC_MULTI_BOOT">Multi-Boot</entry>
<entry lang="en" key="IDC_NONSYS_DEVICE">Encrypt a non-system partition/drive</entry>
<entry lang="en" key="IDC_NO_HISTORY">&amp;Never save history</entry>
<entry lang="en" key="IDC_OPEN_OUTER_VOLUME">Open Outer Volume</entry>
<entry lang="en" key="IDC_PAUSE">&amp;Pause</entry>
<entry lang="en" key="IDC_PIM_ENABLE">Use P&amp;IM</entry>
- <entry lang="en" key="IDC_NEW_PIM_ENABLE">Use PIM</entry>
+ <entry lang="en" key="IDC_NEW_PIM_ENABLE">Modify PIM</entry>
<entry lang="en" key="IDC_QUICKFORMAT">Quick Format</entry>
<entry lang="en" key="IDC_SHOW_PASSWORD">&amp;Display password</entry>
<entry lang="en" key="IDC_SHOW_PASSWORD_SINGLE">&amp;Display password</entry>
<entry lang="en" key="IDC_SHOW_PIM">&amp;Display PIM</entry>
<entry lang="en" key="IDC_SINGLE_BOOT">Single-boot</entry>
<entry lang="en" key="IDC_STD_VOL">Standard VeraCrypt volume</entry>
<entry lang="en" key="IDC_SYSENC_HIDDEN">Hi&amp;dden</entry>
<entry lang="en" key="IDC_SYSENC_NORMAL">Normal</entry>
<entry lang="en" key="IDC_SYS_DEVICE">Encrypt the system partition or entire system drive</entry>
<entry lang="en" key="IDC_SYS_PARTITION">Encrypt the Windows system partition</entry>
<entry lang="en" key="IDC_WHOLE_SYS_DRIVE">Encrypt the whole drive</entry>
- <entry lang="en" key="IDD_VOL_CREATION_WIZARD_DLG">VeraCrypt Volume Creation Wizard</entry>
+ <entry lang="en" key="IDD_VOL_CREATION_WIZARD_DLG">VeraCrypt Wizard</entry>
<entry lang="en" key="IDT_CLUSTER">Cluster </entry>
<entry lang="en" key="IDT_COLLECTING_RANDOM_DATA_NOTE">IMPORTANT: Move your mouse as randomly as possible within this window. The longer you move it, the better. This significantly increases the cryptographic strength of the encryption keys. Then click Next to continue.</entry>
<entry lang="en" key="IDT_CONFIRM">&amp;Confirm:</entry>
<entry lang="en" key="IDT_DONE">Done</entry>
<entry lang="en" key="IDT_DRIVE_LETTER">Drive letter:</entry>
<entry lang="en" key="IDT_ENCRYPTION_ALGO">Encryption Algorithm</entry>
<entry lang="en" key="IDT_FILESYSTEM">Filesystem </entry>
<entry lang="en" key="IDT_FILE_CONTAINER">Creates a virtual encrypted disk within a file. Recommended for inexperienced users.</entry>
<entry lang="en" key="IDT_FORMAT_OPTIONS">Options</entry>
<entry lang="en" key="IDT_HASH_ALGO">Hash Algorithm</entry>
@@ -93,21 +94,21 @@
<entry lang="en" key="IDT_OLD_PIM">Volume PIM:</entry>
<entry lang="en" key="IDT_PROGRESS">Progress:</entry>
<entry lang="en" key="IDT_RANDOM_POOL">Random Pool: </entry>
<entry lang="en" key="IDT_SINGLE_BOOT">Select this option if there is only one operating system installed on this computer (even if it has multiple users).</entry>
<entry lang="en" key="IDT_SPEED">Speed</entry>
<entry lang="en" key="IDT_STATUS">Status</entry>
<entry lang="en" key="IDT_SYSENC_KEYS_GEN_INFO">The keys, salt, and other data have been successfully generated. If you want to generate new keys, click Back and then Next. Otherwise, click Next to continue.</entry>
<entry lang="en" key="IDT_SYS_DEVICE">Encrypts the partition/drive where Windows is installed. Anyone who wants to gain access and use the system, read and write files, etc., will need to enter the correct password each time before Windows boots. Optionally, creates a hidden system.</entry>
<entry lang="en" key="IDT_SYS_PARTITION">Select this option to encrypt the partition where the currently running Windows operating system is installed.</entry>
<entry lang="en" key="IDT_VOLUME_LABEL">Volume Label in Windows:</entry>
- <entry lang="en" key="IDT_WIPE_MODE">Wipe mode:</entry>
+ <entry lang="en" key="IDT_WIPE_MODE">Wipe Mode</entry>
<entry lang="en" key="IDCLOSE">Close</entry>
<entry lang="en" key="IDC_ALLOW_ESC_PBA_BYPASS">Allow pre-boot &amp;authentication to be bypassed by pressing the Esc key (enables boot manager)</entry>
<entry lang="en" key="IDC_AUTORUN_DISABLE">Do nothing</entry>
<entry lang="en" key="IDC_AUTORUN_MOUNT">&amp;Auto-mount VeraCrypt volume (specified below)</entry>
<entry lang="en" key="IDC_AUTORUN_START">&amp;Start VeraCrypt</entry>
<entry lang="en" key="IDC_AUTO_DETECT_PKCS11_MODULE">Auto-&amp;Detect Library</entry>
<entry lang="en" key="IDC_BOOT_LOADER_CACHE_PASSWORD">&amp;Cache pre-boot authentication password in driver memory (for mounting of non-system volumes)</entry>
<entry lang="en" key="IDC_BROWSE_DIRS">Browse...</entry>
<entry lang="en" key="IDC_BROWSE_FILES">Browse...</entry>
<entry lang="en" key="IDC_CACHE">Cache passwords and keyfil&amp;es in memory</entry>
@@ -481,21 +482,21 @@
<entry lang="en" key="FILESYS_PAGE_TITLE">Large Files</entry>
<entry lang="en" key="FILESYS_PAGE_HELP_QUESTION">Do you intend to store files larger than 4 GiB in this VeraCrypt volume?</entry>
<entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION">Depending on your choice above, VeraCrypt will choose a suitable default file system for the VeraCrypt volume (you will be able to select a file system in the next step).</entry>
<entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION_HIDVOL">As you are creating an outer volume, you should consider choosing 'No'. If you choose 'Yes', the default filesystem will be NTFS, which is not as suitable for outer volumes as FAT/exFAT (for example, the maximum possible size of the hidden volume will be significantly greater if the outer volume is formatted as FAT/exFAT). Normally, FAT is the default for both hidden and normal volumes (so FAT volumes are not suspicious). However, if the user indicates intent to store files larger than 4 GiB (which the FAT file system does not allow), then FAT is not the default.</entry>
<entry lang="en" key="FILESYS_PAGE_HELP_EXPLANATION_HIDVOL_CONFIRM">Are you sure you want to choose 'Yes'?</entry>
<entry lang="en" key="DEVICE_TRANSFORM_MODE_PAGE_TITLE">Volume Creation Mode</entry>
<entry lang="en" key="DEVICE_TRANSFORM_MODE_PAGE_FORMAT_HELP">This is the fastest way to create a partition-hosted or device-hosted VeraCrypt volume (in-place encryption, which is the other option, is slower because content of each sector has to be first read, encrypted, and then written). Any data currently stored on the selected partition/device will be lost (the data will NOT be encrypted; it will be overwritten with random data). If you want to encrypt existing data on a partition, choose the other option.</entry>
<entry lang="en" key="DEVICE_TRANSFORM_MODE_PAGE_INPLACE_HELP">The entire selected partition and all data stored on it will be encrypted in place. If the partition is empty, you should choose the other option (the volume will be created much faster).</entry>
<entry lang="en" key="NOTE_BEGINNING">Note: </entry>
<entry lang="en" key="RESUME">&amp;Resume</entry>
- <entry lang="en" key="DEFER">&amp;Defer</entry>
+ <entry lang="en" key="DEFER">&amp;Cancel</entry>
<entry lang="en" key="START">&amp;Start</entry>
<entry lang="en" key="CONTINUE">&amp;Continue</entry>
<entry lang="en" key="FORMAT">&amp;Format</entry>
<entry lang="en" key="WIPE">&amp;Wipe</entry>
<entry lang="en" key="FORMAT_ABORT">Abort format?</entry>
<entry lang="en" key="SHOW_MORE_INFORMATION">Show more information</entry>
<entry lang="en" key="DO_NOT_SHOW_THIS_AGAIN">Do not show this again</entry>
<entry lang="en" key="WIPE_FINISHED">The content of the partition/device has been successfully erased.</entry>
<entry lang="en" key="WIPE_FINISHED_DECOY_SYSTEM_PARTITION">The content of the partition where the original system (of which the hidden system is a clone) resided has been successfully erased.</entry>
<entry lang="en" key="DECOY_OS_VERSION_WARNING">Please make sure the version of Windows you are going to install (on the wiped partition) is the same as the version of Windows you are currently running. This is required due to the fact that both systems will share a common boot partition.</entry>
@@ -1099,21 +1100,21 @@
<entry lang="en" key="EXTRA_BOOT_PARTITION_REMOVAL_INSTRUCTIONS">\nThe extra boot partition can be removed before installing Windows. To do so, follow these steps:\n\n1) Boot your Windows installation disc.\n\n2) In the Windows installer screen, click 'Install now' > 'Custom (advanced)'.\n\n3) Click 'Drive Options'.\n\n4) Select the main system partition and delete it by clicking 'Delete' and 'OK'.\n\n5) Select the 'System Reserved' partition, click 'Extend', and increase its size so that the operating system can be installed to it.\n\n6) Click 'Apply' and 'OK'.\n\n7) Install Windows on the 'System Reserved' partition.\n\n\nShould an attacker ask why you removed the extra boot partition, you can answer that you wanted to prevent any possible data leaks to the unencrypted boot partition.\n\nNote: You can print this text by clicking the 'Print' button below. If you save a copy of this text or print it (strongly recommended, unless your printer stores copies of documents it prints on its internal drive), you should destroy any copies of it after removing the extra boot partition (otherwise, if such a copy was found, it might indicate that there is a hidden operating system on this computer).</entry>
<entry lang="en" key="GAP_BETWEEN_SYS_AND_HIDDEN_OS_PARTITION">Warning: There is unallocated space between the system partition and the first partition behind it. After you create the hidden operating system, you must not create any new partitions in that unallocated space. Otherwise, the hidden operating system will be impossible to boot (until you delete such newly created partitions).</entry>
<entry lang="en" key="ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION">This algorithm is currently not supported for system encryption.</entry>
<entry lang="en" key="ALGO_NOT_SUPPORTED_FOR_TRUECRYPT_MODE">This algorithm is not supported for TrueCrypt mode.</entry>
<entry lang="en" key="PIM_NOT_SUPPORTED_FOR_TRUECRYPT_MODE">PIM (Personal Iterations Multiplier) not supported for TrueCrypt mode.</entry>
<entry lang="en" key="PIM_REQUIRE_LONG_PASSWORD">Password must contain 20 or more characters in order to use the specified PIM.\nShorter passwords can only be used if the PIM is 485 or greater.</entry>
<entry lang="en" key="BOOT_PIM_REQUIRE_LONG_PASSWORD">Pre-boot authentication Password must contain 20 or more characters in order to use the specified PIM.\nShorter passwords can only be used if the PIM is 98 or greater.</entry>
<entry lang="en" key="KEYFILES_NOT_SUPPORTED_FOR_SYS_ENCRYPTION">Keyfiles are currently not supported for system encryption.</entry>
<entry lang="en" key="CANNOT_RESTORE_KEYBOARD_LAYOUT">Warning: VeraCrypt could not restore the original keyboard layout. This may cause you to enter a password incorrectly.</entry>
<entry lang="en" key="CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION">Error: Cannot set the keyboard layout for VeraCrypt to the standard US keyboard layout.\n\nNote that the password needs to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. Therefore, the password must always be typed using the standard US keyboard layout.</entry>
- <entry lang="en" key="ALT_KEY_CHARS_NOT_FOR_SYS_ENCRYPTION">As VeraCrypt temporarily changed the keyboard layout to the standard US keyboard layout, it is not possible to type characters by pressing keys while the right Alt key is held down. However, you can type most of such characters by pressing appropriate keys while the Shift key is held down.</entry>
+ <entry lang="en" key="ALT_KEY_CHARS_NOT_FOR_SYS_ENCRYPTION">It is not possible to type characters by pressing keys while the right Alt key is held down. However, you can type most of such characters by pressing appropriate keys while the Shift key is held down.</entry>
<entry lang="en" key="KEYB_LAYOUT_CHANGE_PREVENTED">VeraCrypt prevented change of keyboard layout.</entry>
<entry lang="en" key="KEYB_LAYOUT_SYS_ENC_EXPLANATION">Note: The password will need to be typed in the pre-boot environment (before Windows starts) where non-US Windows keyboard layouts are not available. Therefore, the password must always be typed using the standard US keyboard layout. However, it is important to note that you do NOT need a real US keyboard. VeraCrypt automatically ensures that you can safely type the password (right now and in the pre-boot environment) even if you do NOT have a real US keyboard.</entry>
<entry lang="en" key="RESCUE_DISK_INFO">Before you can encrypt the partition/drive, you must create a VeraCrypt Rescue Disk (VRD), which serves the following purposes:\n\n- If the VeraCrypt Boot Loader, master key, or other critical data gets damaged, the VRD allows you to restore it (note, however, that you will still have to enter the correct password then).\n\n- If Windows gets damaged and cannot start, the VRD allows you to permanently decrypt the partition/drive before Windows starts.\n\n- The VRD will contain a backup of the present content of the first drive track (which typically contains a system loader or boot manager) and will allow you to restore it if necessary.\n\nThe VeraCrypt Rescue Disk ISO image will be created in the location specified below.</entry>
<entry lang="en" key="RESCUE_DISK_WIN_ISOBURN_PRELAUNCH_NOTE">After you click OK, Microsoft Windows Disc Image Burner will be launched. Please use it to burn the VeraCrypt Rescue Disk ISO image to a CD or DVD.\n\nAfter you do so, return to the VeraCrypt Volume Creation Wizard and follow its instructions.</entry>
<entry lang="en" key="RESCUE_DISK_BURN_INFO">The Rescue Disk image has been created and stored in this file:\n%s\n\nNow you need to burn it to a CD or DVD.\n\n%lsAfter you burn the Rescue Disk, click Next to verify that it has been correctly burned.</entry>
<entry lang="en" key="RESCUE_DISK_BURN_INFO_NO_CHECK">The Rescue Disk image has been created and stored in this file:\n%s\n\nNow you should either burn the image to a CD/DVD or move it to a safe location for later use.\n\n%lsClick Next to continue.</entry>
<entry lang="en" key="RESCUE_DISK_BURN_INFO_NONWIN_ISO_BURNER">IMPORTANT: Note that the file must be written to the CD/DVD as an ISO disk image (not as an individual file). For information on how to do so, please refer to the documentation of your CD/DVD recording software. If you do not have any CD/DVD recording software that can write the ISO disk image to a CD/DVD, click the link below to download such free software.\n\n</entry>
<entry lang="en" key="LAUNCH_WIN_ISOBURN">Launch Microsoft Windows Disc Image Burner</entry>
<entry lang="en" key="RESCUE_DISK_BURN_NO_CHECK_WARN">WARNING: If you already created a VeraCrypt Rescue Disk in the past, it cannot be reused for this system partition/drive because it was created for a different master key! Every time you encrypt a system partition/drive, you must create a new VeraCrypt Rescue Disk for it even if you use the same password.</entry>
<entry lang="en" key="CANNOT_SAVE_SYS_ENCRYPTION_SETTINGS">Error: Cannot save system encryption settings.</entry>
@@ -1147,52 +1148,52 @@
<entry lang="en" key="WDE_UNSUPPORTED_FOR_MULTIPLE_SYSTEMS_ON_ONE_DRIVE">VeraCrypt currently does not support encrypting a whole drive that contains multiple operating systems.\n\nPossible Solutions:\n\n- You can still encrypt one of the systems if you go back and choose to encrypt only a single system partition (as opposed to choosing to encrypt the entire system drive).\n\n- Alternatively, you will be able to encrypt the entire drive if you move some of the systems to other drives leaving only one system on the drive you want to encrypt.</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_ADJACENT_SYS_TITLE">Multiple Systems on Single Drive</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_ADJACENT_SYS_HELP">Are there any other operating systems installed on the drive on which the currently running operating system is installed?\n\nNote: For example, if the currently running operating system is installed on the drive #0, which contains several partitions, and if one of the partitions contains Windows and another partition contains any additional operating system (e.g. Windows, Mac OS X, Linux, etc.), select 'Yes'.</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_NONWIN_BOOT_LOADER_TITLE">Non-Windows Boot Loader</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_NONWIN_BOOT_LOADER_HELP">Is a non-Windows boot loader (or boot manager) installed in the master boot record (MBR)?\n\nNote: For example, if the first track of the boot drive contains GRUB, LILO, XOSL, or some other non-Windows boot manager (or boot loader), select 'Yes'.</entry>
<entry lang="en" key="SYSENC_MULTI_BOOT_OUTCOME_TITLE">Multi-Boot</entry>
<entry lang="en" key="CUSTOM_BOOT_MANAGERS_IN_MBR_UNSUPPORTED">VeraCrypt currently does not support multi-boot configurations where a non-Windows boot loader is installed in the Master Boot Record.\n\nPossible Solutions:\n\n- If you use a boot manager to boot Windows and Linux, move the boot manager (typically, GRUB) from the Master Boot Record to a partition. Then start this wizard again and encrypt the system partition/drive. Note that the VeraCrypt Boot Loader will become your primary boot manager and it will allow you to launch the original boot manager (e.g. GRUB) as your secondary boot manager (by pressing Esc in the VeraCrypt Boot Loader screen) and thus you will be able boot Linux.</entry>
<entry lang="en" key="WINDOWS_BOOT_LOADER_HINTS">If the currently running operating system is installed on the boot partition, then, after you encrypt it, you will need to enter the correct password even if you want to start any other unencrypted Windows system(s) (as they will share a single encrypted Windows boot loader/manager).\n\nIn contrast, if the currently running operating system is not installed on the boot partition (or if the Windows boot loader/manager is not used by any other system), then, after you encrypt this system, you will not need to enter the correct password to boot the other unencrypted system(s) -- you will only need to press the Esc key to start the unencrypted system (if there are multiple unencrypted systems, you will also need to choose which system to start in the VeraCrypt Boot Manager menu).\n\nNote: Typically, the earliest installed Windows system is installed on the boot partition.</entry>
<entry lang="en" key="SYSENC_PRE_DRIVE_ANALYSIS_TITLE">Encryption of Host Protected Area</entry>
<entry lang="en" key="SYSENC_PRE_DRIVE_ANALYSIS_HELP">At the end of many drives, there is an area that is normally hidden from the operating system (such areas are usually referred to as Host Protected Areas). However, some programs can read and write data from/to such areas.\n\nWARNING: Some computer manufacturers may use such areas to store tools and data for RAID, system recovery, system setup, diagnostic, or other purposes. If such tools or data must be accessible before booting, the hidden area should NOT be encrypted (choose 'No' above).\n\nDo you want VeraCrypt to detect and encrypt such a hidden area (if any) at the end of the system drive?</entry>
- <entry lang="en" key="SYSENC_TYPE_PAGE_TITLE">Type of System Encryption</entry>
+ <entry lang="en" key="SYSENC_TYPE_PAGE_TITLE">Encrypt Windows Drive (%c:)</entry>
<entry lang="en" key="SYSENC_NORMAL_TYPE_HELP">Select this option if you merely want to encrypt the system partition or the entire system drive.</entry>
<entry lang="en" key="SYSENC_HIDDEN_TYPE_HELP">It may happen that you are forced by somebody to decrypt the operating system. There are many situations where you cannot refuse to do so (for example, due to extortion). If you select this option, you will create a hidden operating system whose existence should be impossible to prove (provided that certain guidelines are followed). Thus, you will not have to decrypt or reveal the password to the hidden operating system. For a detailed explanation, please click the link below.</entry>
<entry lang="en" key="HIDDEN_OS_PREINFO">It may happen that you are forced by somebody to decrypt the operating system. There are many situations where you cannot refuse to do so (for example, due to extortion).\n\nUsing this wizard, you can create a hidden operating system whose existence should be impossible to prove (provided that certain guidelines are followed). Thus, you will not have to decrypt or reveal the password for the hidden operating system.</entry>
<entry lang="en" key="SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_TITLE">Hidden Operating System</entry>
<entry lang="en" key="SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_HELP">In the following steps, you will create two VeraCrypt volumes (outer and hidden) within the first partition behind the system partition. The hidden volume will contain the hidden operating system (OS). VeraCrypt will create the hidden OS by copying the content of the system partition (where the currently running OS is installed) to the hidden volume. To the outer volume, you will copy some sensitive looking files that you actually do NOT want to hide. They will be there for anyone forcing you to disclose the password for the hidden OS partition. You can reveal the password for the outer volume within the hidden OS partition (the existence of the hidden OS remains secret).\n\nFinally, on the system partition of the currently running OS, you will install a new OS, so-called decoy OS, and encrypt it. It must not contain sensitive data and will be there for anyone forcing you to reveal your pre-boot authentication password. In total, there will be three passwords. Two of them can be disclosed (for the decoy OS and outer volume). If you use the third one, the hidden OS will start.</entry>
<entry lang="en" key="SYSENC_DRIVE_ANALYSIS_TITLE">Detecting Hidden Sectors</entry>
<entry lang="en" key="SYSENC_DRIVE_ANALYSIS_INFO">Please wait while VeraCrypt is detecting possible hidden sectors at the end of the system drive. Note that it may take a long time to complete.\n\nNote: In very rare cases, on some computers, the system may become unresponsive during this detection process. If it happens, restart the computer, start VeraCrypt, repeat the previous steps but skip this detection process. Note that this issue is not caused by a bug in VeraCrypt.</entry>
<entry lang="en" key="SYS_ENCRYPTION_SPAN_TITLE">Area to Encrypt</entry>
<entry lang="en" key="SYS_ENCRYPTION_SPAN_WHOLE_SYS_DRIVE_HELP">Select this option if you want to encrypt the entire drive on which the currently running Windows system is installed. The whole drive, including all its partitions, will be encrypted except the first track where the VeraCrypt Boot Loader will reside. Anyone who wants to access a system installed on the drive, or files stored on the drive, will need to enter the correct password each time before the system starts. This option cannot be used to encrypt a secondary or external drive if Windows is not installed on it and does not boot from it.</entry>
<entry lang="en" key="COLLECTING_RANDOM_DATA_TITLE">Collecting Random Data</entry>
<entry lang="en" key="KEYS_GEN_TITLE">Keys Generated</entry>
<entry lang="en" key="CD_BURNER_NOT_PRESENT">VeraCrypt has found no CD/DVD burner connected to your computer. VeraCrypt needs a CD/DVD burner to burn a bootable VeraCrypt Rescue Disk containing a backup of the encryption keys, VeraCrypt boot loader, original system loader, etc.\n\nWe strongly recommend that you burn the VeraCrypt Rescue Disk.</entry>
<entry lang="en" key="CD_BURNER_NOT_PRESENT_WILL_STORE_ISO">I have no CD/DVD burner but I will store the Rescue Disk ISO image on a removable drive (e.g. USB flash drive).</entry>
<entry lang="en" key="CD_BURNER_NOT_PRESENT_WILL_CONNECT_LATER">I will connect a CD/DVD burner to my computer later. Terminate the process now.</entry>
<entry lang="en" key="CD_BURNER_NOT_PRESENT_CONNECTED_NOW">A CD/DVD burner is connected to my computer now. Continue and write the Rescue Disk.</entry>
<entry lang="en" key="CD_BURNER_NOT_PRESENT_WILL_STORE_ISO_INFO">Please follow these steps:\n\n1) Connect a removable drive, such as a USB flash drive, to your computer now.\n\n2) Copy the VeraCrypt Rescue Disk image file (%s) to the removable drive.\n\nIn case you need to use the VeraCrypt Rescue Disk in the future, you will be able to connect your removable drive (containing the VeraCrypt Rescue Disk image) to a computer with a CD/DVD burner and create a bootable VeraCrypt Rescue Disk by burning the image to a CD or DVD. IMPORTANT: Note that the VeraCrypt Rescue Disk image file must be written to the CD/DVD as an ISO disk image (not as an individual file).</entry>
<entry lang="en" key="RESCUE_DISK_RECORDING_TITLE">Rescue Disk Recording</entry>
<entry lang="en" key="RESCUE_DISK_CREATED_TITLE">Rescue Disk Created</entry>
- <entry lang="en" key="SYS_ENCRYPTION_PRETEST_TITLE">System Encryption Pretest</entry>
+ <entry lang="en" key="SYS_ENCRYPTION_PRETEST_TITLE">System Encryption Test</entry>
<entry lang="en" key="RESCUE_DISK_DISK_VERIFIED_TITLE">Rescue Disk Verified</entry>
<entry lang="en" key="RESCUE_DISK_VERIFIED_INFO">\nThe VeraCrypt Rescue Disk has been successfully verified. Please remove it from the drive now and store it in a safe place.\n\nClick Next to continue.</entry>
<entry lang="en" key="REMOVE_RESCUE_DISK_FROM_DRIVE">WARNING: During the next steps, the VeraCrypt Rescue Disk must not be in the drive. Otherwise, it will not be possible to complete the steps correctly.\n\nPlease remove it from the drive now and store it in a safe place. Then click OK.</entry>
<entry lang="en" key="PREBOOT_NOT_LOCALIZED">Warning: Due to technical limitations of the pre-boot environment, texts displayed by VeraCrypt in the pre-boot environment (i.e. before Windows starts) cannot be localized. The VeraCrypt Boot Loader user interface is completely in English.\n\nContinue?</entry>
<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO">Before encrypting your system partition or drive, VeraCrypt needs to verify that everything works correctly.\n\nAfter you click Test, all the necessary components (for example, the pre-boot authentication component, i.e. the VeraCrypt Boot Loader) will be installed and your computer will be restarted. Then you will have to enter your password in the VeraCrypt Boot Loader screen that will appear before Windows starts. After Windows starts, you will be automatically informed about the result of this pretest.\n\nThe following device will be modified: Drive #%d\n\n\nIf you click Cancel now, nothing will be installed and the pretest will not be performed.</entry>
<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_1">IMPORTANT NOTES -- PLEASE READ OR PRINT (click 'Print'):\n\nNote that none of your files will be encrypted before you successfully restart your computer and start Windows. Thus, if anything fails, your data will NOT be lost. However, if something does go wrong, you might encounter difficulties in starting Windows. Therefore, please read (and, if possible, print) the following guidelines on what to do if Windows cannot start after you restart the computer.\n\n</entry>
<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_2">What to Do If Windows Cannot Start\n------------------------------------------------\n\nNote: These instructions are valid only if you have not started encrypting.\n\n- If Windows does not start after you enter the correct password (or if you repeatedly enter the correct password but VeraCrypt says that the password is incorrect), do not panic. Restart (power off and on) the computer, and in the VeraCrypt Boot Loader screen, press the Esc key on your keyboard (and if you have multiple systems, choose which to start). Then Windows should start (provided that it is not encrypted) and VeraCrypt will automatically ask whether you want to uninstall the pre-boot authentication component. Note that the previous steps do NOT work if the system partition/drive is encrypted (nobody can start Windows or access encrypted data on the drive without the correct password even if he or she follows the previous steps).\n\n</entry>
<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_3">- If the previous steps do not help or if the VeraCrypt Boot Loader screen does not appear (before Windows starts), insert the VeraCrypt Rescue Disk into your CD/DVD drive and restart your computer. If the VeraCrypt Rescue Disk screen does not appear (or if you do not see the 'Repair Options' item in the 'Keyboard Controls' section of the VeraCrypt Rescue Disk screen), it is possible that your BIOS is configured to attempt to boot from hard drives before CD/DVD drives. If that is the case, restart your computer, press F2 or Delete (as soon as you see a BIOS start-up screen), and wait until a BIOS configuration screen appears. If no BIOS configuration screen appears, restart (reset) the computer again and start pressing F2 or Delete repeatedly as soon as you restart (reset) the computer. When a BIOS configuration screen appears, configure your BIOS to boot from the CD/DVD drive first (for information on how to do so, please refer to the documentation for your BIOS/motherboard or contact your computer vendor's technical support team for assistance). Then restart your computer. The VeraCrypt Rescue Disk screen should appear now. In the VeraCrypt Rescue Disk screen, select 'Repair Options' by pressing F8 on your keyboard. From the 'Repair Options' menu, select 'Restore original system loader'. Then remove the Rescue Disk from your CD/DVD drive and restart your computer. Windows should start normally (provided that it is not encrypted).\n\n</entry>
<entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO2_PORTION_4">Note that the previous steps do NOT work if the system partition/drive is encrypted (nobody can start Windows or access encrypted data on the drive without the correct password even if he or she follows the previous steps).\n\n\nNote that even if you lose your VeraCrypt Rescue Disk and an attacker finds it, he or she will NOT be able to decrypt the system partition or drive without the correct password.</entry>
- <entry lang="en" key="SYS_ENCRYPTION_PRETEST_RESULT_TITLE">Pretest Completed</entry>
- <entry lang="en" key="SYS_ENCRYPTION_PRETEST_RESULT_INFO">The pretest has been successfully completed.\n\nWARNING: Please note that if power supply is suddenly interrupted while encrypting existing data in place, or when the operating system crashes due to a software error or hardware malfunction while VeraCrypt is encrypting existing data in place, portions of the data will be corrupted or lost. Therefore, before you start encrypting, please make sure that you have backup copies of the files you want to encrypt. If you do not, please back up the files now (you can click Defer, back up the files, then run VeraCrypt again anytime, and select 'System' &gt; 'Resume Interrupted Process' to start encrypting).\n\nWhen ready, click Encrypt to start encrypting.</entry>
- <entry lang="en" key="SYSENC_ENCRYPTION_PAGE_INFO">You can click Pause or Defer anytime to interrupt the process of encryption or decryption, exit this wizard, restart or shut down your computer, and then resume the process, which will continue from the point it was stopped. To prevent slowdown when the system or applications write or read data from the system drive, VeraCrypt automatically waits until the data is written or read (see Status above) and then automatically continues encrypting or decrypting.</entry>
+ <entry lang="en" key="SYS_ENCRYPTION_PRETEST_RESULT_TITLE">Pretest Successfully Completed</entry>
+ <entry lang="en" key="SYS_ENCRYPTION_PRETEST_RESULT_INFO">If the encryption is interrupted you can resume it restarting VeraCrypt and selecting 'System' > 'Resume Interrupted Process'\n\nPlease make sure, that your device does not run out of power during the encryption process.</entry>
+ <entry lang="en" key="SYSENC_ENCRYPTION_PAGE_INFO">Make sure that your device does not run out of power.\nIf the encryption is interrupted you can resume it restarting VeraCrypt and selecting 'System' > 'Resume Interrupted Process'.</entry>
<entry lang="en" key="NONSYS_INPLACE_ENC_ENCRYPTION_PAGE_INFO">\n\nYou can click Pause or Defer anytime to interrupt the process of encryption, exit this wizard, restart or shut down your computer, and then resume the process, which will continue from the point it was stopped. Note that the volume cannot be mounted until it has been fully encrypted.</entry>
<entry lang="en" key="NONSYS_INPLACE_DEC_DECRYPTION_PAGE_INFO">\n\nYou can click Pause or Defer anytime to interrupt the process of decryption, exit this wizard, restart or shut down the computer, and then resume the process, which will continue from the point where it was stopped. Note that the volume cannot be mounted until it has been fully decrypted.</entry>
<entry lang="en" key="SYSENC_HIDDEN_OS_INITIAL_INFO_TITLE">Hidden System Started</entry>
<entry lang="en" key="SYSENC_HIDDEN_OS_WIPE_INFO_TITLE">Original System</entry>
<entry lang="en" key="SYSENC_HIDDEN_OS_WIPE_INFO">Windows creates (typically, without your knowledge or consent) various log files, temporary files, etc., on the system partition. It also saves the content of RAM to hibernation and paging files located on the system partition. Therefore, if an adversary analyzed files stored on the partition where the original system (of which the hidden system is a clone) resides, he might find out, for example, that you used the VeraCrypt wizard in the hidden-system-creation mode (which might indicate the existence of a hidden operating system on your computer).\n\nTo prevent such issues, VeraCrypt will, in the next steps, securely erase the entire content of the partition where the original system resides. Afterwards, in order to achieve plausible deniability, you will need to install a new system on the partition and encrypt it. Thus you will create the decoy system and the whole process of creation of the hidden operating system will be completed.</entry>
<entry lang="en" key="OS_WIPING_NOT_FINISHED_ASK">The hidden operating system has been successfully created. However, before you can start using it (and achieve plausible deniability), you need to securely erase (using VeraCrypt) the entire content of the partition where the currently running operating system is installed. Before you can do that, you need to restart the computer and, in the VeraCrypt Boot Loader screen (which appears before Windows starts), enter the pre-boot authentication password for the hidden operating system. Then, after the hidden system starts, the VeraCrypt wizard will be launched automatically.\n\nNote: If you choose to terminate the process of creation of the hidden operating system now, you will NOT be able to resume the process and the hidden system will NOT be accessible (because the VeraCrypt Boot Loader will be removed).</entry>
<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_ASK">You have scheduled the process of creation of a hidden operating system. The process has not been completed yet. To complete it, you need to restart the computer and, in the VeraCrypt Boot Loader screen (which appears before Windows starts), enter the password for the hidden operating system.\n\nNote: If you choose to terminate the process of creation of the hidden operating system now, you will NOT be able to resume the process.</entry>
<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_CHOICE_RETRY">Restart the computer and proceed</entry>
<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_CHOICE_TERMINATE">Permanently terminate the process of creation of the hidden operating system</entry>
<entry lang="en" key="HIDDEN_OS_CREATION_NOT_FINISHED_CHOICE_ASK_LATER">Do nothing now and ask again later</entry>
@@ -1300,21 +1301,21 @@
<entry lang="en" key="MOUNTED_DEVICE_FORCED_READ_ONLY_WRITE_PROTECTION">Volume '%s' has been mounted as read-only because the operating system reported the host device to be write-protected.\n\nPlease note that some custom chipset drivers have been reported to cause writable media to falsely appear write-protected. This problem is not caused by VeraCrypt. It may be solved by updating or uninstalling any custom (non-Microsoft) chipset drivers that are currently installed on this system.</entry>
<entry lang="en" key="LIMIT_ENC_THREAD_POOL_NOTE">Note that the Hyper-Threading technology provides multiple logical cores per a single physical core. When Hyper Threading is enabled, the number selected above represents the number of logical processors/cores.</entry>
<entry lang="en" key="NUMBER_OF_THREADS">%d threads</entry>
<entry lang="en" key="DISABLED_HW_AES_AFFECTS_PERFORMANCE">Note that hardware-accelerated AES is disabled, which will affect benchmark results (worse performance).\n\nTo enable hardware acceleration, select 'Settings' > 'Performance' and enable the corresponding option.</entry>
<entry lang="en" key="LIMITED_THREAD_COUNT_AFFECTS_PERFORMANCE">Note that the number of threads is currently limited, which will affect benchmark results (worse performance).\n\nTo utilize the full potential of the processor(s), select 'Settings' > 'Performance' and disable the corresponding option.</entry>
<entry lang="en" key="ASK_REMOVE_DEVICE_WRITE_PROTECTION">Do you want VeraCrypt to attempt to disable write protection of the partition/drive?</entry>
<entry lang="en" key="CONFIRM_SETTING_DEGRADES_PERFORMANCE">WARNING: This setting may degrade performance.\n\nAre you sure you want to use this setting?</entry>
<entry lang="en" key="HOST_DEVICE_REMOVAL_DISMOUNT_WARN_TITLE">Warning: VeraCrypt volume auto-dismounted</entry>
<entry lang="en" key="HOST_DEVICE_REMOVAL_DISMOUNT_WARN">Before you physically remove or turn off a device containing a mounted volume, you should always dismount the volume in VeraCrypt first.\n\nUnexpected spontaneous dismount is usually caused by an intermittently failing cable, drive (enclosure), etc.</entry>
<entry lang="en" key="UNSUPPORTED_TRUECRYPT_FORMAT">This volume was created with TrueCrypt %x.%x but VeraCrypt supports only TrueCrypt volumes created with TrueCrypt 6.x/7.x series</entry>
- <entry lang="en" key="TEST">Test</entry>
+ <entry lang="en" key="TEST">Start pretest</entry>
<entry lang="en" key="KEYFILE">Keyfile</entry>
<entry lang="en" key="VKEY_08">Backspace</entry>
<entry lang="en" key="VKEY_09">Tab</entry>
<entry lang="en" key="VKEY_0C">Clear</entry>
<entry lang="en" key="VKEY_0D">Enter</entry>
<entry lang="en" key="VKEY_13">Pause</entry>
<entry lang="en" key="VKEY_14">Caps Lock</entry>
<entry lang="en" key="VKEY_20">Spacebar</entry>
<entry lang="en" key="VKEY_21">Page Up</entry>
<entry lang="en" key="VKEY_22">Page Down</entry>
@@ -1393,23 +1394,23 @@
<entry lang="en" key="DISABLE_BOOT_LOADER_PIM_PROMPT">WARNING: Please keep in mind that if you enable this option, the PIM value will be stored unencrypted on the disk.\n\nAre you sure you want to enable this option?</entry>
<entry lang="en" key="PIM_TOO_BIG">Personal Iterations Multiplier (PIM) maximum value is 2147468.</entry>
<entry lang="en" key="IDC_SKIP_RESCUE_VERIFICATION">Skip Rescue Disk verification</entry>
<entry lang="en" key="IDC_HIDE_WAITING_DIALOG">Don't show wait message dialog when performing operations</entry>
<entry lang="en" key="IDC_DISABLE_BOOT_LOADER_HASH_PROMPT">Do not request Hash algorithm in the pre-boot authentication screen</entry>
<entry lang="en" key="KUZNYECHIK_HELP">Kuznyechik is a block cipher first published in 2015 and defined in the National Standard of the Russian Federation GOST R 34.12-2015 and also in RFC 7801. 256-bit key, 128-bit block. Mode of operation is XTS.</entry>
<entry lang="en" key="CAMELLIA_HELP">Jointly developed by Mitsubishi Electric and NTT of Japan. First published on 2000. 256-bit key, 128-bit block. Mode of operation is XTS. It has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project.</entry>
<entry lang="en" key="TIME">Time</entry>
<entry lang="en" key="ITERATIONS">Iterations</entry>
<entry lang="en" key="PRE-BOOT">Pre-Boot</entry>
- <entry lang="en" key="RESCUE_DISK_EFI_INFO">Before you can encrypt the partition, you must create a VeraCrypt Rescue Disk (VRD), which serves the following purposes:\n\n- If the VeraCrypt Boot Loader, master key, or other critical data gets damaged, the VRD allows you to restore it (note, however, that you will still have to enter the correct password then).\n\n- If Windows gets damaged and cannot start, the VRD allows you to permanently decrypt the partition before Windows starts.\n\n- The VRD will contain a backup of the present EFI boot loader and will allow you to restore it if necessary.\n\nThe VeraCrypt Rescue Disk ZIP image will be created in the location specified below.</entry>
+ <entry lang="en" key="RESCUE_DISK_EFI_INFO">\n\nIf Windows gets damaged and cannot start, the VeraCrypt Rescue Disk allows you to permanently decrypt the partition. Note, however, that you will still have to enter the correct password then!\n\n\nWARNING: If you have already created a VeraCrypt Rescue Disk in the past, it cannot be reused for this encryption! Every time you use this encryption tool, you must create and securely store a new VeraCrypt Rescue Disk for it even if you use the same password.</entry>
<entry lang="en" key="RESCUE_DISK_EFI_EXTRACT_INFO">The Rescue Disk ZIP image has been created and stored in this file:\n%s\n\nNow you need to extract it to a USB stick that is formatted as FAT/FAT32.\n\n%lsAfter you create the Rescue Disk, click Next to verify that it has been correctly created.</entry>
- <entry lang="en" key="RESCUE_DISK_EFI_EXTRACT_INFO_NO_CHECK">The Rescue Disk ZIP image has been created and stored in this file:\n%s\n\nNow you should either extract the image to a USB stick that is formatted as FAT/FAT32 or move it to a safe location for later use.\n\n%lsClick Next to continue.</entry>
+ <entry lang="en" key="RESCUE_DISK_EFI_EXTRACT_INFO_NO_CHECK">The Rescue Disk ZIP image has been created and stored in this file:\n%s\n\nNow you should either extract the image to a USB stick that is formatted as FAT/FAT32 or move it to a safe location for later use.\n\n\n\n%lsClick Next to continue.</entry>
<entry lang="en" key="RESCUE_DISK_EFI_EXTRACT_INFO_NOTE">IMPORTANT: Note that the zip file must be extracted directly to the root of the USB stick. For example, if the drive letter of the USB stick is E: then extracting the zip file should create a folder E:\\EFI on the USB stick.\n\n</entry>
<entry lang="en" key="RESCUE_DISK_EFI_CHECK_FAILED">Cannot verify that the Rescue Disk has been correctly extracted.\n\nIf you have extracted the Rescue Disk, please eject and reinsert the USB stick; then click Next to try again. If this does not help, please try another USB stick and/or another ZIP software.\n\nIf you have not extracted the Rescue Disk yet, please do so, and then click Next.\n\nIf you attempted to verify a VeraCrypt Rescue Disk created before you started this wizard, please note that such Rescue Disk cannot be used, because it was created for a different master key. You need to extract the newly generated Rescue Disk ZIP image.</entry>
<entry lang="en" key="RESCUE_DISK_EFI_NON_WIZARD_CHECK_FAILED">Cannot verify that the Rescue Disk has been correctly extracted.\n\nIf you have extracted the Rescue Disk image to a USB stick, please eject it and reinsert it; then try again. If this does not help, please try other ZIP software and/or medium.\n\nIf you attempted to verify a VeraCrypt Rescue Disk created for a different master key, password, salt, etc., please note that such Rescue Disk will always fail this verification. To create a new Rescue Disk fully compatible with your current configuration, select 'System' > 'Create Rescue Disk'.</entry>
<entry lang="en" key="RESCUE_DISK_EFI_NON_WIZARD_CREATION">The Rescue Disk image has been created and stored in this file:\n%s\n\nNow you need to extract the Rescue Disk image to a USB stick that is formatted as FAT/FAT32.\n\nIMPORTANT: Note that the zip file must be extracted directly to the root of the USB stick. For example, if the drive letter of the USB stick is E: then extracting the zip file should create a folder E:\\EFI on the USB stick.\n\nAfter you create the Rescue Disk, select 'System' > 'Verify Rescue Disk' to verify that it has been correctly created.</entry>
<entry lang="en" key="IDC_SECURE_DESKTOP_PASSWORD_ENTRY">Use Secure Desktop for password entry</entry>
<entry lang="en" key="ERR_REFS_INVALID_VOLUME_SIZE">The volume file size specified in the command line is incompatible with selected ReFS filesystem.</entry>
<entry lang="en" key="IDC_EDIT_DCSPROP">Edit Boot Loader Configuration</entry>
<entry lang="en" key="IDC_SHOW_PLATFORMINFO">Display EFI Platform Information</entry>
<entry lang="en" key="BOOT_LOADER_CONFIGURATION_FILE">Boot Loader Configuration File</entry>
<entry lang="en" key="EFI_PLATFORM_INFORMATION">EFI Platform Information</entry>
@@ -1418,21 +1419,21 @@
<entry lang="en" key="IDT_ADVANCED_OPTIONS">Advanced Options</entry>
<entry lang="en" key="AFTER_UPGRADE_RESCUE_DISK">It is strongly recommended that you create a new VeraCrypt Rescue Disk (which will contain the new version of the VeraCrypt Boot Loader) by selecting 'System' > 'Create Rescue Disk'.\nDo you want to do it now?</entry>
<entry lang="en" key="IDC_ALLOW_TRIM_NONSYS_SSD">Allow TRIM command for non-system SSD partition/drive</entry>
<entry lang="en" key="IDC_BLOCK_SYSENC_TRIM">Block TRIM command on system partition/drive</entry>
<entry lang="en" key="WINDOWS_EFI_BOOT_LOADER_MISSING">ERROR: Windows EFI system loader could not be located on the disk. Operation will be aborted.</entry>
<entry lang="en" key="SYSENC_EFI_UNSUPPORTED_SECUREBOOT">It is currently not possible to encrypt a system if SecureBoot is enabled and if VeraCrypt custom keys are not loaded into the machine firmware. SecureBoot needs to be disabled in the BIOS configuration in order to allow system encryption to proceed.</entry>
<entry lang="en" key="PASSWORD_PASTED_TRUNCATED">Pasted text truncated because the password maximum length is %d characters</entry>
<entry lang="en" key="PASSWORD_MAXLENGTH_REACHED">Password already reached its maximum length of %d characters.\nNo additional character is allowed.</entry>
<entry lang="en" key="IDC_SELECT_LANGUAGE_LABEL">Select the language to use during the installation:</entry>
<entry lang="en" key="VOLUME_TOO_LARGE_FOR_HOST">ERROR: The size of the file container is larger than the available free space on disk.</entry>
- <entry lang="en" key="IDC_ALLOW_WINDOWS_DEFRAG">Allow Windows Disk Defragmenter to defragment non-system partition/drive</entry>
+ <entry lang="en" key="IDC_ALLOW_WINDOWS_DEFRAG">Allow Windows Disk Defragmenter to defragment non-system partition/drive</entry>
<entry lang="en" key="CONFIRM_ALLOW_WINDOWS_DEFRAG">WARNING: Defragmenting non-system partitions/drives may leak metadata about their content or cause issues with hidden volumes they may contain.\n\nContinue?</entry>
<entry lang="en" key="VIRTUAL_DEVICE">Virtual Device</entry>
<entry lang="en" key="MOUNTED_VOLUME_NOT_ASSOCIATED">The selected mounted volume is not associated with its drive letter in Windows and so it can not be opened in Windows Explorer.</entry>
<entry lang="en" key="IDC_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION">Clear encryption keys from memory if a new device is inserted</entry>
<entry lang="en" key="CLEAR_KEYS_ON_DEVICE_INSERTION_WARNING">IMPORTANT NOTES:\n - Please keep in mind that this option will not persist after a shutdown/reboot so you will need to select it again next time the machine is started.\n\n - With this option enabled and after a new device is connected, the machine will freeze and it will eventually crash with a BSOD since Windows can not access the encrypted disk after its keys are cleared from memory.\n</entry>
<entry lang="en" key="STARTING">Starting</entry>
<entry lang="en" key="IDC_ENABLE_CPU_RNG">Use CPU hardware random generator as an additional source of entropy</entry>
<entry lang="en" key="IDC_USE_LEGACY_MAX_PASSWORD_LENGTH">Use legacy maximum password length (64 characters)</entry>
<entry lang="en" key="IDC_ENABLE_RAM_ENCRYPTION">Activate encryption of keys and passwords stored in RAM</entry>
<entry lang="en" key="IDT_BENCHMARK">Benchmark:</entry>
@@ -1561,20 +1562,67 @@
<entry lang="en" key="PARAMETER_INCORRECT">Parameter incorrect</entry>
<entry lang="en" key="SELECT_KEYFILES">Select Keyfiles</entry>
<entry lang="en" key="START_TC">Start VeraCrypt</entry>
<entry lang="en" key="VOLUME_ALREADY_MOUNTED">The volume {0} is already mounted.</entry>
<entry lang="en" key="UNKNOWN_OPTION">Unknown option</entry>
<entry lang="en" key="VOLUME_LOCATION">Volume Location</entry>
<entry lang="en" key="VOLUME_HOST_IN_USE">WARNING: The host file/device {0} is already in use!\n\nIgnoring this can cause undesired results including system instability. All applications that might be using the host file/device should be closed before mounting the volume.\n\nContinue mounting?</entry>
<entry lang="en" key="CANT_INSTALL_WITH_EXE_OVER_MSI">VeraCrypt was previously installed using an MSI package and so it can't be updated using the standard installer.\n\nPlease use the MSI package to update your VeraCrypt installation.</entry>
<entry lang="en" key="IDC_USE_ALL_FREE_SPACE">Use all available free space</entry>
<entry lang="en" key="SYS_ENCRYPTION_UPGRADE_UNSUPPORTED_ALGORITHM">VeraCrypt cannot be upgraded because the system partition/drive was encrypted using an algorithm that is not supported anymore.\nPlease decrypt your system before upgrading VeraCrypt and then encrypt it again.</entry>
+ <entry lang="en" key="RESCUE_DISK_BACK_BUTTON">The Rescue Disk was already created depending on the selected options. In order to prevent incompatibility, you have to click 'cancel' and restart the system encryption process, if you want to modify any configuration.</entry>
+ <entry lang="en" key="AES_BOX_HELP">AES is secure according to NIST</entry>
+ <entry lang="en" key="BACKUP_RESCUE_DISK_TITLE">Backup Rescue Disk</entry>
+ <entry lang="en" key="RESCUE_DISK_CHECKLIST_A">Store your password in a safe location. You can not recover your data without your password.\nThat is why VeraCrypt is considered to be secure.</entry>
+ <entry lang="en" key="RESCUE_DISK_CHECKLIST_B">Make sure that the rescue file is stored on an external medium. This could be a flash drive, an external hard drive or even a cloud storage.\nYour rescue file is located here:</entry>
+ <entry lang="en" key="RESCUE_DISK_CHECKLIST_C">Before you start encrypting your system, it is always a good idea to backup your personal data on an external drive for the unlikely case that the encryption process fails.</entry>
+ <entry lang="en" key="RESCUE_DISK_INFO_2">The VeraCrypt Rescue Disk ZIP image will be created by clicking the Next button in location specified below.</entry>
+ <entry lang="en" key="REMEMBER_PASSWORD"> I remember my Password</entry>
+ <entry lang="en" key="STORE_RESCUE_DISK"> I stored my rescue file</entry>
+ <entry lang="en" key="BACKUP_DATA"> I considered doing a backup of my personal Data</entry>
+ <entry lang="en" key="CHECKLIST_TITLE">Checklist - Before clicking 'Next'</entry>
+ <entry lang="en" key="SYS_ENCRYPTION_PRETEST_INFO">Some tests have to be done now to verify that everything works correctly.\n\nFor this test, your computer has to be restarted. Then you will have to enter your password in the VeraCrypt Boot Loader screen that will appear before Windows starts. After Windows starts, VeraCrypt is started automatically and you will be informed about the result of this pretest.\n\n\nThe following device will be modified: Drive %c:</entry>
+ <entry lang="en" key="SYSENC_DECRYPTION_PAGE_INFO">Make sure that your device does not run out of power.\nIf the decryption is interrupted you can resume it restarting VeraCrypt and selecting 'System' > 'Resume Interrupted Process'.</entry>
+ <entry lang="en" key="ADVANCED_FEATURES">Advanced features</entry>
+ <entry lang="en" key="VERY_WEAK_PASSWORD">very weak</entry>
+ <entry lang="en" key="WEAK_PASSWORD">weak</entry>
+ <entry lang="en" key="MEDIUM_PASSWORD">medium</entry>
+ <entry lang="en" key="STRONG_PASSWORD">strong</entry>
+ <entry lang="en" key="VERY_STRONG_PASSWORD">very strong</entry>
+ <entry lang="en" key="IDT_PASSWORD_STRENGTH">Password strength:</entry>
+ <entry lang="en" key="PASSWORD_HELP_SYSENC">You might consider to write the password down somewhere safe. Please note, that the field to repeat your password is greyed out until your password has the minimum required strength.</entry>
+ <entry lang="en" key="AES_HELP_NEW">AES is secure accoring to the National Institute of Standards and Technology (NIST) and the privacy and security research community.</entry>
+ <entry lang="en" key="SHA512_HELP">SHA-512 is secure accoring to the National Institute of Standards and Technology (NIST) and the privacy and security research community.</entry>
+ <entry lang="en" key="CHOOSE_PASSWORD_TITLE">Choose Password</entry>
+ <entry lang="en" key="TRANSLATED_PWD_NOT_WRITTEN">Warning: Error occured while writing translated password! Please try again. If this error happens again, change keyboard layout to US keyboard layout manually.</entry>
+ <entry lang="en" key="ERROR_TRANSLATE_PWD">Warning: Error occured while translating password!\nPlease type password again and try. If this error happens again, switch keyboard layout to US keyboard layout manually.</entry>
+ <entry lang="en" key="ERROR_KEYB_LAYOUT_NOT_LOADED">Your system does not support the standard US-Keyboard layout. Please make sure the layout is available. For further help, please visit: https://support.microsoft.com/en-us/windows/manage-the-input-and-display-language-settings-in-windows-10-12a10cb4-8626-9b77-0ccb-5013e0c7c7a2 </entry>
+ <entry lang="en" key="ERROR_PASTE_ACTION">Pasting text is disabled. Please type your password.</entry>
+ <entry lang="en" key="WARNING_PASSWORD_NOT_IDENTICAL">Passwords are not identical! Please type identic passwords in both fields!</entry>
+ <entry lang="en" key="SYSENC_INFO">This assistant will help you encrypt your drive (%c:)</entry>
+ <entry lang="en" key="SYSENC_INFO_2">A windows password can easily be circumvented by bad actors with physical access to your device. Drive encryption helps to secure your data from beeing accessed by bad actors. VeraCrypt Drive Encryption will keep them out by protecting your data with an additional password. </entry>
+ <entry lang="en" key="ADV_FEATURES_INTRO_TOOLTIP">Activate hidden OS here.</entry>
+ <entry lang="en" key="ADV_FEATURES_NOTE">Most experts agree that the following preselected options are secure. Only change them if you know what you are doing. </entry>
+ <entry lang="en" key="PIM_INFO">A Personal Iterations Multiplier (PIM) allows you to set the number of password hash iterations. This provides more flexibility for adjusting the desired security level while also controling the performance of the mount/boot operation.</entry>
+ <entry lang="en" key="WIPE_INFO">Overrides your data before the encryption. This prevents possible data recovery. Wipe is not needed under normal circumstances.</entry>
+ <entry lang="en" key="PRETEST_INFO">Before encrypting VeraCrypt will verify that everything is working correctly.\n\nVeraCrypt will run some tests, restart your computer and you have to enter you password before windows starts.</entry>
+ <entry lang="en" key="PRETEST_CANCEL">If you click cancel now, no changes will be made your system.</entry>
+ <entry lang="en" key="ERROR_GETTING_PATH">Error occured while getting path to executable file.</entry>
+ <entry lang="en" key="ERROR_GETTING_PWD">Error occured while getting the password. Please try again.</entry>
+ <entry lang="en" key="ERROR_GETTING_KEYB_STATE">Error occured while getting the keyboard state.</entry>
+ <entry lang="en" key="ERR_NO_TRANSLATION">There is no translation for that key you just pressed!</entry>
+ <entry lang="en" key="DEAD_KEY_SUPPORT">Dead keys will not reproduce dead char in this case because your password need to be translated to US keyboard layout so you can type your password in pre-boot environment.</entry>
+ <entry lang="en" key="PRETEST_CHECKBOX"> I made sure that my device will not run out of power during the encryption process.</entry>
+ <entry lang="en" key="OPEN_PATH_CHECKLIST_PAGE">Open path</entry>
+ <entry lang="en" key="RESCUE_DISK_PATH">Rescue Disk Path</entry>
+ <entry lang="en" key="PRETEST_BACK_BUTTON">If you want to cancel the encryption wizard, please click on cancel. In this case no changes will be made to your computer.</entry>
+ <entry lang="en" key="WIPE_WARNING">Wiping can take a long time (Up to hours). Wiping is not recommended if you have an SSD Drive.</entry>
</localization>
<xs:schema attributeFormDefault="unqualified" elementFormDefault="qualified" xmlns:xs="http://www.w3.org/2001/XMLSchema">
<xs:element name="VeraCrypt">
<xs:complexType>
<xs:sequence>
<xs:element name="localization">
<xs:complexType>
<xs:sequence>
<xs:element name="language">
<xs:complexType>
diff --git a/src/Common/Password.c b/src/Common/Password.c
index 4caf3a21..3c9faa82 100644
--- a/src/Common/Password.c
+++ b/src/Common/Password.c
@@ -32,33 +32,39 @@
void VerifyPasswordAndUpdate (HWND hwndDlg, HWND hButton, HWND hPassword,
HWND hVerify, unsigned char *szPassword,
char *szVerify,
BOOL keyFilesEnabled)
{
wchar_t szTmp1[MAX_PASSWORD + 1];
wchar_t szTmp2[MAX_PASSWORD + 1];
char szTmp1Utf8[MAX_PASSWORD + 1];
char szTmp2Utf8[MAX_PASSWORD + 1];
int k = GetWindowTextLength (hPassword);
+ int j = GetWindowTextLength (hVerify);
BOOL bEnable = FALSE;
int utf8Len1, utf8Len2;
UNREFERENCED_PARAMETER (hwndDlg); /* Remove warning */
GetWindowText (hPassword, szTmp1, ARRAYSIZE (szTmp1));
GetWindowText (hVerify, szTmp2, ARRAYSIZE (szTmp2));
utf8Len1 = WideCharToMultiByte (CP_UTF8, 0, szTmp1, -1, szTmp1Utf8, MAX_PASSWORD + 1, NULL, NULL);
utf8Len2 = WideCharToMultiByte (CP_UTF8, 0, szTmp2, -1, szTmp2Utf8, MAX_PASSWORD + 1, NULL, NULL);
if (wcscmp (szTmp1, szTmp2) != 0)
+ {
bEnable = FALSE;
+ if(k > 0 && j == k)
+ Warning ("WARNING_PASSWORD_NOT_IDENTICAL", hwndDlg);
+
+ }
else if (utf8Len1 <= 0)
bEnable = FALSE;
else
{
if (k >= MIN_PASSWORD || keyFilesEnabled)
bEnable = TRUE;
else
bEnable = FALSE;
}
@@ -138,25 +144,20 @@ BOOL CheckPasswordLength (HWND hwndDlg, unsigned __int32 passwordLength, int pim
{
BOOL bootPimCondition = (bForBoot && (bootPRF != SHA512 && bootPRF != WHIRLPOOL))? TRUE : FALSE;
BOOL bCustomPimSmall = ((pim != 0) && (pim < (bootPimCondition? 98 : 485)))? TRUE : FALSE;
if (passwordLength < PASSWORD_LEN_WARNING)
{
if (bCustomPimSmall)
{
Error (bootPimCondition? "BOOT_PIM_REQUIRE_LONG_PASSWORD": "PIM_REQUIRE_LONG_PASSWORD", hwndDlg);
return FALSE;
}
-
-#ifndef _DEBUG
- if (!bSkipPasswordWarning && (MessageBoxW (hwndDlg, GetString ("PASSWORD_LENGTH_WARNING"), lpszTitle, MB_YESNO|MB_ICONWARNING|MB_DEFBUTTON2) != IDYES))
- return FALSE;
-#endif
}
#ifndef _DEBUG
else if (bCustomPimSmall)
{
if (!bSkipPimWarning && AskWarnNoYes ("PIM_SMALL_WARNING", hwndDlg) != IDYES)
return FALSE;
}
#endif
if ((pim != 0) && (pim > (bootPimCondition? 98 : 485)))
@@ -556,11 +557,10 @@ error:
&& bDevice
&& !UacElevated
&& IsUacSupported ())
return nStatus;
if (nStatus != 0)
handleError (hwndDlg, nStatus, SRC_POS);
return nStatus;
}
-
diff --git a/src/Format/Format.rc b/src/Format/Format.rc
index d4a9a5f5..8a14f413 100644
--- a/src/Format/Format.rc
+++ b/src/Format/Format.rc
@@ -78,27 +78,27 @@ IDR_FORMAT_TLB TYPELIB "Format.tlb"
//
// Dialog
//
IDD_VOL_CREATION_WIZARD_DLG DIALOGEX 0, 0, 450, 250
STYLE DS_SETFONT | DS_SETFOREGROUND | DS_FIXEDSYS | DS_CENTER | WS_MINIMIZEBOX | WS_POPUP | WS_CAPTION | WS_SYSMENU
CAPTION "VeraCrypt Volume Creation Wizard"
CLASS "VeraCryptCustomDlg"
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- PUSHBUTTON "&Help",IDHELP,166,234,60,14
- PUSHBUTTON "",IDC_PREV,238,234,60,14
- DEFPUSHBUTTON "",IDC_NEXT,310,234,60,14
+ PUSHBUTTON "&Documentation",IDHELP,166,234,60,14
+ PUSHBUTTON "",IDC_PREV,243,234,60,14
+ DEFPUSHBUTTON "",IDC_NEXT,305,234,60,14
PUSHBUTTON "Cancel",IDCANCEL,382,234,60,14
- LTEXT "",IDC_BOX_TITLE,160,8,283,17
- GROUPBOX "",IDC_STATIC,4,0,439,230
- CONTROL 116,IDC_BITMAP_WIZARD,"Static",SS_BITMAP | SS_SUNKEN,10,9,137,193
+ LTEXT "",IDC_BOX_TITLE,160,10,283,17
+ GROUPBOX "",IDC_STATIC,4,0,440,230
+ CONTROL 116,IDC_BITMAP_WIZARD,"Static",SS_BITMAP | SS_SUNKEN,10,18,137,200
LTEXT "",IDC_POS_BOX,160,24,281,193
END
IDD_CIPHER_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
COMBOBOX IDC_COMBO_BOX,7,23,172,126,CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
PUSHBUTTON "&Test",IDC_CIPHER_TEST,191,22,81,14
PUSHBUTTON "&Benchmark",IDC_BENCHMARK,191,122,81,14
@@ -107,29 +107,35 @@ BEGIN
GROUPBOX "Encryption Algorithm",IDT_ENCRYPTION_ALGO,0,10,273,131
GROUPBOX "Hash Algorithm",IDT_HASH_ALGO,0,156,273,35
LTEXT "More information",IDC_LINK_MORE_INFO_ABOUT_CIPHER,7,124,176,10,SS_NOTIFY
LTEXT "Information on hash algorithms",IDC_LINK_HASH_INFO,121,171,148,8,SS_NOTIFY
END
IDD_PASSWORD_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_PASSWORD,71,3,202,14,ES_PASSWORD | ES_AUTOHSCROLL
- EDITTEXT IDC_VERIFY,71,19,202,14,ES_PASSWORD | ES_AUTOHSCROLL
- CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,35,103,10
- PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,182,36,91,14,WS_DISABLED
- CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,45,108,11,WS_EX_TRANSPARENT
- CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,56,114,10
- RTEXT "Password:",IDT_PASSWORD,1,6,68,8
- RTEXT "&Confirm:",IDT_CONFIRM,1,23,68,8
- LTEXT "",IDC_BOX_HELP,0,71,273,121
+ EDITTEXT IDC_PASSWORD,69,3,202,14,ES_PASSWORD | ES_AUTOHSCROLL
+ EDITTEXT IDC_VERIFY,69,20,202,14,ES_PASSWORD | ES_AUTOHSCROLL
+ LTEXT "Password strength: ", IDT_PASSWORD_STRENGTH, 71, 54, 70, 10
+ LTEXT "", PASSWORD_METER, 140, 55, 50, 20
+ CONTROL "&Display password",IDC_SHOW_PASSWORD,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,41,108,11,WS_EX_TRANSPARENT
+ RTEXT "Password:", IDT_PASSWORD, 1, 6, 40, 8
+ RTEXT "&Confirm:", IDT_CONFIRM, 1, 23, 40, 8
+ LTEXT "", IDC_BOX_HELP, 1, 95, 270, 120
+ PUSHBUTTON "Advanced features", IDC_ADVANCE, 203, 156, 68, 14, NOT WS_VISIBLE
+ CONTROL "",IDC_SYS_POOL_CONTENTS,"Static",SS_LEFTNOWORDWRAP | WS_GROUP | NOT WS_VISIBLE,33,17,209,63,WS_EX_TRANSPARENT
+ CONTROL "", IDC_ENTROPY_BAR, "msctls_progress32", WS_BORDER | NOT WS_VISIBLE, 11, 140, 202, 6
+ CONTROL "U&se keyfiles",IDC_KEYFILES_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,64,103,10
+ PUSHBUTTON "&Keyfiles...",IDC_KEY_FILES,192,65,71,14,WS_DISABLED
+ CONTROL "Use P&IM",IDC_PIM_ENABLE,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,71,76,114,10
+
END
IDD_SIZE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_SIZEBOX,0,22,96,14,ES_AUTOHSCROLL | ES_NUMBER
CONTROL "&KB",IDC_KB,"Button",BS_AUTORADIOBUTTON | WS_GROUP | WS_TABSTOP,105,25,27,10
CONTROL "&MB",IDC_MB,"Button",BS_AUTORADIOBUTTON,140,25,27,10
CONTROL "&GB",IDC_GB,"Button",BS_AUTORADIOBUTTON,175,25,27,10
@@ -195,21 +201,22 @@ BEGIN
LTEXT "More information about system encryption",IDC_MORE_INFO_ON_SYS_ENCRYPTION,16,177,253,10,SS_NOTIFY
LTEXT "Creates a virtual encrypted disk within a file. Recommended for inexperienced users.",IDT_FILE_CONTAINER,16,20,253,16
LTEXT "Encrypts a non-system partition on any internal or external drive (e.g. a flash drive). Optionally, creates a hidden volume.",IDT_NON_SYS_DEVICE,16,68,253,26
LTEXT "Encrypts the partition/drive where Windows is installed. Anyone who wants to gain access and use the system, read and write files, etc., will need to enter the correct password each time before Windows boots. Optionally, creates a hidden system.",IDT_SYS_DEVICE,16,112,253,59
END
IDD_INFO_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- LTEXT "",IDC_BOX_HELP,0,31,269,155
+ LTEXT "",IDC_BOX_HELP,0,15,267,155
+ CONTROL "", IDC_CHECKBOX_PRETEST, "Button", BS_AUTOCHECKBOX | BS_MULTILINE | NOT WS_VISIBLE, 0, 150, 267, 50
END
IDD_HIDVOL_HOST_FILL_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
LTEXT "",IDC_BOX_HELP,0,6,269,167
PUSHBUTTON "Open Outer Volume",IDC_OPEN_OUTER_VOLUME,0,176,85,14
END
@@ -260,25 +267,26 @@ BEGIN
"Button",BS_AUTORADIOBUTTON,0,7,269,10
CONTROL "Encrypt the whole drive",IDC_WHOLE_SYS_DRIVE,"Button",BS_AUTORADIOBUTTON,0,67,269,10
LTEXT "Select this option to encrypt the partition where the currently running Windows operating system is installed.",IDT_SYS_PARTITION,16,20,253,42
LTEXT "",IDT_WHOLE_SYS_DRIVE,16,82,253,104
END
IDD_SYSENC_RESCUE_DISK_CREATION_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- EDITTEXT IDC_RESCUE_DISK_ISO_PATH,0,180,201,13,ES_AUTOHSCROLL
- PUSHBUTTON "Bro&wse...",IDC_BROWSE,204,179,70,14
- LTEXT "",IDT_RESCUE_DISK_INFO,0,1,273,137
+ EDITTEXT IDC_RESCUE_DISK_ISO_PATH, 0, 159, 180, 13, ES_AUTOHSCROLL
+ PUSHBUTTON "Bro&wse...",IDC_BROWSE,185,159,70,14
+ LTEXT "",IDT_RESCUE_DISK_INFO,0,1,266,137
+ LTEXT "",IDT_RESCUE_DISK_INFO_2,0,135,266,20
CONTROL "Skip Rescue Disk verification",IDC_SKIP_RESCUE_VERIFICATION,
- "Button",BS_AUTOCHECKBOX | WS_TABSTOP,0,166,273,10
+ "Button",BS_AUTOCHECKBOX | WS_TABSTOP,0,178,273,10
END
IDD_SYSENC_COLLECTING_RANDOM_DATA_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
CONTROL "Display pool content",IDC_DISPLAY_POOL_CONTENTS,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,10,93,266,10
CONTROL "",IDC_SYS_POOL_CONTENTS,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,33,17,209,63,WS_EX_TRANSPARENT
LTEXT "IMPORTANT: Move your mouse as randomly as possible within this window. The longer you move it, the better. This significantly increases the cryptographic strength of the encryption keys. Then click Next to continue.",IDT_COLLECTING_RANDOM_DATA_NOTE,10,107,265,63
GROUPBOX "Current pool content (partial)",IDT_PARTIAL_POOL_CONTENTS,0,5,276,83
@@ -293,51 +301,60 @@ BEGIN
CONTROL "Single-boot",IDC_SINGLE_BOOT,"Button",BS_AUTORADIOBUTTON,0,7,269,10
CONTROL "Multi-boot",IDC_MULTI_BOOT,"Button",BS_AUTORADIOBUTTON,0,75,217,10
LTEXT "Select this option if there is only one operating system installed on this computer (even if it has multiple users).",IDT_SINGLE_BOOT,16,20,253,48
LTEXT "Select this option if there are two or more operating systems installed on this computer.\n\nFor example:\n- Windows XP and Windows XP\n- Windows XP and Windows Vista\n- Windows and Mac OS X\n- Windows and Linux\n- Windows, Linux and Mac OS X",IDT_MULTI_BOOT,16,89,253,90
END
IDD_SYSENC_RESCUE_DISK_BURN_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- LTEXT "Download CD/DVD recording software",IDC_DOWNLOAD_CD_BURN_SOFTWARE,0,159,273,10,SS_NOTIFY
- LTEXT "",IDT_RESCUE_DISK_BURN_INFO,0,4,273,148
+ LTEXT "",IDT_RESCUE_DISK_BURN_INFO,0,15,275,170
END
IDD_SYSENC_WIPE_MODE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- COMBOBOX IDC_WIPE_MODE,88,0,138,90,CBS_DROPDOWNLIST | WS_TABSTOP
- RTEXT "Wipe mode:",IDT_WIPE_MODE,0,2,83,8,0,WS_EX_RIGHT
- LTEXT "",IDT_WIPE_MODE_INFO,0,19,269,167
+ CONTROL "A", IDC_CHECKLIST_A, "Button", BS_AUTOCHECKBOX | WS_TABSTOP, 0, 13, 10, 10
+ CONTROL "B", IDC_CHECKLIST_B, "Button", BS_AUTOCHECKBOX | WS_TABSTOP, 0, 60, 10, 10
+ CONTROL "C", IDC_CHECKLIST_C, "Button", BS_AUTOCHECKBOX | WS_TABSTOP, 0, 135, 10, 10
+ LTEXT " I remember my Password", IDC_REMEMBER_PASSWORD, 11, 13, 212, 10
+ LTEXT " I securely stored the Rescue Disk", IDC_STORE_RESCUE_DISK, 11, 60, 217, 10
+ LTEXT " I considered doing a backup of my personal Data", IDC_BACKUP_DATA, 11, 135, 226, 10
+ LTEXT "", IDT_REMEMBER_PASSWORD, 16, 26, 205, 32
+ LTEXT "", IDT_STORE_RESCUE_DISK, 16, 73, 205, 60
+ PUSHBUTTON "",IDC_BROWSE,16,109,60,14
+ LTEXT "", IDT_BACKUP_DATA, 16, 146, 205, 72
+ COMBOBOX IDC_WIPE_MODE,88,0,138,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ RTEXT "Wipe mode:", IDT_WIPE_MODE,0,2,83,8,0,WS_EX_RIGHT
+ LTEXT "", IDT_WIPE_MODE_INFO,0,19,269,167
END
IDD_INPLACE_ENCRYPTION_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
- COMBOBOX IDC_WIPE_MODE,96,13,125,90,CBS_DROPDOWNLIST | WS_TABSTOP
- PUSHBUTTON "&Pause",IDC_PAUSE,204,40,63,14
- LTEXT "More information",IDC_MORE_INFO_SYS_ENCRYPTION,1,176,266,10,SS_NOTIFY
- LTEXT "",IDC_BYTESWRITTEN,29,58,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_WRITESPEED,110,58,56,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "",IDC_TIMEREMAIN,212,58,54,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
- RTEXT "Wipe mode:",IDT_WIPE_MODE,6,15,85,8,0,WS_EX_RIGHT
- CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,41,192,12
- RTEXT "Done",IDT_DONE,5,59,22,8
- RTEXT "Status",IDT_STATUS,73,59,33,8
- RTEXT "Left",IDT_LEFT,172,59,35,8
- LTEXT "",IDC_BOX_HELP,1,77,266,95
- GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,3,267,29
- GROUPBOX "",IDC_STATIC,0,32,267,41
+ COMBOBOX IDC_WIPE_MODE,96,60,125,90,CBS_DROPDOWNLIST | WS_TABSTOP
+ PUSHBUTTON "&Pause",IDC_PAUSE,204,8,63,14
+ LTEXT "More information",IDC_MORE_INFO_SYS_ENCRYPTION,1,176,266,10,SS_NOTIFY | NOT WS_VISIBLE
+ LTEXT "",IDC_BYTESWRITTEN,29,26,39,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "",IDC_WRITESPEED,110,26,56,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "",IDC_TIMEREMAIN,212,26,54,11,SS_CENTERIMAGE,WS_EX_TRANSPARENT | WS_EX_RIGHT | WS_EX_STATICEDGE
+ RTEXT "Wipe mode:",IDT_WIPE_MODE,6,62,85,8,0,WS_EX_RIGHT
+ CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,6,9,192,12
+ RTEXT "Done",IDT_DONE,5,27,22,8
+ RTEXT "Status",IDT_STATUS,73,27,33,8
+ RTEXT "Left",IDT_LEFT,172,27,35,8
+ LTEXT "",IDC_BOX_HELP,1,100,266,90
+ GROUPBOX "",IDC_STATIC,0,3,268,41
+ GROUPBOX "Options",IDT_FORMAT_OPTIONS,0,50,268,29
END
IDD_SYSENC_KEYS_GEN_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
CONTROL "Display generated keys (their portions)",IDC_DISPLAY_KEYS,
"Button",BS_AUTOCHECKBOX | WS_TABSTOP,51,110,216,10
CONTROL "",IDC_HEADER_KEY,"Static",SS_LEFTNOWORDWRAP | WS_GROUP,100,87,163,8,WS_EX_TRANSPARENT
LTEXT "",IDC_DISK_KEY,100,95,163,8,0,WS_EX_TRANSPARENT
@@ -362,27 +379,43 @@ FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
LTEXT "",IDT_SYSENC_DRIVE_ANALYSIS_INFO,0,10,267,109
CONTROL "",IDC_PROGRESS_BAR,"msctls_progress32",PBS_SMOOTH | WS_BORDER,0,135,267,12
LTEXT "Progress:",IDT_PROGRESS,2,124,172,8
END
IDD_SYSENC_TYPE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 400, 0, 0x1
BEGIN
- CONTROL "Normal",IDC_SYSENC_NORMAL,"Button",BS_AUTORADIOBUTTON,0,7,269,10
- CONTROL "Hi&dden",IDC_SYSENC_HIDDEN,"Button",BS_AUTORADIOBUTTON,0,64,269,10
- LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,16,173,253,10,SS_NOTIFY
- LTEXT "",IDC_BOX_HELP_SYSENC_NORMAL,16,20,253,41
- LTEXT "",IDC_BOX_HELP,16,78,253,90
+ LTEXT "", IDC_BOX_HELP, 5, 20, 250, 16
+ LTEXT "", IDT_SYSENC_INFO_2, 5, 50, 250, 60
+ PUSHBUTTON "Advanced features", IDC_ADVANCE_INTRO, 190, 160, 68, 14
+ CONTROL "", IDC_INFORMATION_TIP, "Static", SS_ICON | SS_NOTIFY, 262,163,10,5
+END
+
+IDD_ADVANCE_MBR DIALOGEX 102, -10, 245, 233
+STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Advanced Options"
+FONT 8, "MS Shell Dlg", 0, 0, 0x1
+BEGIN
+ CONTROL " Normal",IDC_SYSENC_NORMAL,"Button", BS_AUTOCHECKBOX, 10,40,200,10
+ CONTROL " Hi&dden",IDC_SYSENC_HIDDEN,"Button", BS_AUTOCHECKBOX, 10,99,200,10
+ LTEXT "Select this option if you merely want to encrypt the system partition or the entire system drive.",-1,26,57,200,30
+ LTEXT "If you select this option, you will create a hidden operating system whose existence should be impossible to prove (provided that certain guidelines are followed). Thus, you will not have to decrypt or reveal the password to the hidden operating system.",-1,26,116,200,50
+ LTEXT "For a detailed explanation, please click the Help button. ",-1,26,180,200,10
+ LTEXT "IMPORTANT: Only advanced users should make modifications on this page.", -1, 10, 12, 217, 19,
+
+ GROUPBOX "", -1, 6, 30, 232, 178
+ DEFPUSHBUTTON "OK", IDOK, 129, 213, 50, 14
+ PUSHBUTTON "Cancel", IDCANCEL, 180, 213, 50, 14
+ PUSHBUTTON "&Help",IDHELP,15,213,50,14
END
-
IDD_SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
LTEXT "More information",IDC_HIDDEN_SYSENC_INFO_LINK,0,172,273,10,SS_NOTIFY
LTEXT "",IDC_BOX_HELP,0,2,273,166
END
IDD_DEVICE_WIPE_PAGE_DLG DIALOGEX 0, 0, 276, 193
STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
@@ -446,20 +479,44 @@ STYLE DS_SETFONT | DS_FIXEDSYS | DS_CONTROL | WS_CHILD
FONT 8, "MS Shell Dlg", 0, 0, 0x0
BEGIN
EDITTEXT IDC_PIM,74,0,42,14,ES_RIGHT | ES_PASSWORD | ES_AUTOHSCROLL | ES_NUMBER
LTEXT "",IDC_BOX_HELP,0,32,273,142
RTEXT "Volume PIM:",IDT_PIM,1,3,69,8
LTEXT "(Empty or 0 for default iterations)",IDC_PIM_HELP,120,3,153,8
LTEXT "Information on PIM",IDC_LINK_PIM_INFO,0,179,273,8,SS_NOTIFY
CONTROL "Display PIM",IDC_SHOW_PIM,"Button",BS_AUTOCHECKBOX | WS_TABSTOP,74,17,196,10
END
+IDD_ADVANCE DIALOGEX 75, -62, 245, 362
+STYLE DS_SETFONT | DS_MODALFRAME | DS_FIXEDSYS | WS_POPUP | WS_CAPTION | WS_SYSMENU
+CAPTION "Advanced Algorithm Options"
+FONT 8, "MS Shell Dlg", 400, 0, 0x1
+BEGIN
+ DEFPUSHBUTTON "OK", IDOK, 129, 345, 50, 14
+ PUSHBUTTON "Cancel", IDCANCEL, 180, 345, 50, 14
+ COMBOBOX IDC_COMBO_BOX_HASH_ALGO, 21, 47, 137, 130, CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ LTEXT "", IDC_SHA512_HELP, 21, 65, 205, 40
+ COMBOBOX IDC_COMBO_BOX, 21, 113, 137, 126, CBS_DROPDOWNLIST | WS_VSCROLL | WS_TABSTOP
+ LTEXT "", IDC_BOX_HELP, 21, 131, 205, 40
+ PUSHBUTTON "&Verify", IDC_CIPHER_TEST, 40, 181, 59, 14
+ PUSHBUTTON "&Benchmark", IDC_BENCHMARK, 140, 181, 59, 14, BS_PUSHBUTTON | WS_TABSTOP | WS_VISIBLE
+ GROUPBOX "Encryption Algorithm", IDT_ENCRYPTION_ALGO, 14, 100, 217, 60
+ GROUPBOX "Hash Algorithm", IDT_HASH_ALGO, 14, 35, 217, 60
+ GROUPBOX "Test Algorithms", IDT_TEST_ALGO, 14, 168, 217, 35
+ GROUPBOX "PIM", -1, 14, 206, 217, 59
+ CONTROL "Modify P&IM", IDC_PIM_ENABLE, "Button", BS_AUTOCHECKBOX | WS_TABSTOP, 19, 217, 97, 10
+ LTEXT "", IDT_PIM_INFO, 21, 231, 203, 25
+ GROUPBOX "Wipe Mode", IDT_WIPE_MODE, 14, 270, 217, 71
+ COMBOBOX IDC_WIPE_MODE, 21, 284, 127, 90, CBS_DROPDOWNLIST | WS_TABSTOP
+ LTEXT "", IDT_WIPE_INFO, 21, 303, 200, 32
+ LTEXT "", IDT_IMPORTANT_NOTE, 18, 10, 217, 19
+END
#ifdef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// TEXTINCLUDE
//
1 TEXTINCLUDE
BEGIN
"resource.h\0"
@@ -616,20 +673,36 @@ BEGIN
END
IDD_INPLACE_ENCRYPTION_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 267
BOTTOMMARGIN, 187
HORZGUIDE, 80
HORZGUIDE, 96
END
+ IDD_ADVANCE, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 238
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 242
+ END
+
+ IDD_ADVANCE_MBR, DIALOG
+ BEGIN
+ LEFTMARGIN, 7
+ RIGHTMARGIN, 238
+ TOPMARGIN, 7
+ BOTTOMMARGIN, 242
+ END
+
IDD_SYSENC_KEYS_GEN_PAGE_DLG, DIALOG
BEGIN
RIGHTMARGIN, 267
BOTTOMMARGIN, 174
HORZGUIDE, 80
HORZGUIDE, 96
END
IDD_UNIVERSAL_DUAL_CHOICE_PAGE_DLG, DIALOG
BEGIN
@@ -734,11 +807,10 @@ END
#ifndef APSTUDIO_INVOKED
/////////////////////////////////////////////////////////////////////////////
//
// Generated from the TEXTINCLUDE 3 resource.
//
#include "..\\common\\common.rc"
/////////////////////////////////////////////////////////////////////////////
#endif // not APSTUDIO_INVOKED
-
diff --git a/src/Format/Resource.h b/src/Format/Resource.h
index c37a6f4a..d031a7dd 100644
--- a/src/Format/Resource.h
+++ b/src/Format/Resource.h
@@ -111,21 +111,20 @@
#define IDC_MORE_INFO 1072
#define IDC_MORE_INFO_ON_SYS_ENCRYPTION 1073
#define IDT_COLLECTING_RANDOM_DATA_NOTE 1074
#define IDC_MORE_INFO_ON_CONTAINERS 1075
#define IDC_SINGLE_BOOT 1076
#define IDC_MULTI_BOOT 1077
#define IDT_MULTI_BOOT 1078
#define IDT_SINGLE_BOOT 1079
#define IDC_SYS_POOL_CONTENTS 1080
#define IDT_PARTIAL_POOL_CONTENTS 1081
-#define IDC_DOWNLOAD_CD_BURN_SOFTWARE 1082
#define IDT_RESCUE_DISK_BURN_INFO 1083
#define IDT_WIPE_MODE_INFO 1084
#define IDC_WIPE_MODE 1085
#define IDC_SELECT 1086
#define IDT_SYSENC_KEYS_GEN_INFO 1087
#define IDC_DISPLAY_KEYS 1088
#define IDC_PAUSE 1089
#define IDT_WIPE_MODE 1090
#define IDC_MORE_INFO_SYS_ENCRYPTION 1091
#define IDC_BOX_HELP_NORMAL_VOL 1092
@@ -139,20 +138,44 @@
#define IDT_PASS 1100
#define IDC_DEVICE_TRANSFORM_MODE_FORMAT 1101
#define IDC_DEVICE_TRANSFORM_MODE_INPLACE 1102
#define IDC_DRIVE_LETTER_LIST 1103
#define IDT_DRIVE_LETTER 1104
#define IDC_LINK_PIM_INFO 1105
#define IDC_SHOW_PIM 1106
#define IDC_TB 1107
#define IDC_SKIP_RESCUE_VERIFICATION 1108
#define SPARSE_FILE 1109
+#define IDC_ADVANCE_INTRO 1110
+#define IDD_ADVANCE 1111
+#define IDC_ADVANCE 1112
+#define PASSWORD_METER 1113
+#define IDC_REMEMBER_PASSWORD 1114
+#define IDC_STORE_RESCUE_DISK 1115
+#define IDC_BACKUP_DATA 1116
+#define IDT_REMEMBER_PASSWORD 1117
+#define IDT_STORE_RESCUE_DISK 1118
+#define IDT_BACKUP_DATA 1119
+#define IDC_CHECKLIST_A 1120
+#define IDC_CHECKLIST_B 1121
+#define IDC_CHECKLIST_C 1122
+#define IDD_ADVANCE_MBR 1123
+#define IDC_INFORMATION_TIP 1124
+#define IDC_SHA512_HELP 1125
+#define IDT_PASSWORD_STRENGTH 1126
+#define IDT_RESCUE_DISK_INFO_2 1127
+#define IDT_SYSENC_INFO_2 1128
+#define IDT_IMPORTANT_NOTE 1129
+#define IDT_PIM_INFO 1130
+#define IDT_WIPE_INFO 1131
+#define IDT_TEST_ALGO 1132
+#define IDC_CHECKBOX_PRETEST 1133
// Next default values for new objects
//
#ifdef APSTUDIO_INVOKED
#ifndef APSTUDIO_READONLY_SYMBOLS
#define _APS_NO_MFC 1
#define _APS_NEXT_RESOURCE_VALUE 134
#define _APS_NEXT_COMMAND_VALUE 40001
#define _APS_NEXT_CONTROL_VALUE 1110
#define _APS_NEXT_SYMED_VALUE 101
diff --git a/src/Format/Tcformat.c b/src/Format/Tcformat.c
index efd95caf..db0a8209 100644
--- a/src/Format/Tcformat.c
+++ b/src/Format/Tcformat.c
@@ -6,27 +6,32 @@
Encryption for the Masses 2.02a, which is Copyright (c) 1998-2000 Paul Le Roux
and which is governed by the 'License Agreement for Encryption for the Masses'
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2017 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages. */
#include "Tcdefs.h"
+#include <iostream>
+#include <fstream>
+#include <set>
+#include <iterator>
#include <stdlib.h>
#include <limits.h>
#include <time.h>
#include <errno.h>
#include <io.h>
#include <sys/stat.h>
#include <shlobj.h>
+#include <commctrl.h>
#include "Crypto.h"
#include "cpu.h"
#include "Apidrvr.h"
#include "Dlgcode.h"
#include "Language.h"
#include "Combo.h"
#include "Registry.h"
#include "Boot/Windows/BootDefs.h"
#include "Common/Common.h"
@@ -121,20 +126,29 @@ enum sys_encryption_cmd_line_switches
{
SYSENC_COMMAND_NONE = 0,
SYSENC_COMMAND_RESUME,
SYSENC_COMMAND_STARTUP_SEQ_RESUME,
SYSENC_COMMAND_ENCRYPT,
SYSENC_COMMAND_DECRYPT,
SYSENC_COMMAND_CREATE_HIDDEN_OS,
SYSENC_COMMAND_CREATE_HIDDEN_OS_ELEV
};
+enum password_status
+{
+ very_weak = 0,
+ weak,
+ medium,
+ strong,
+ very_strong
+};
+
typedef struct
{
int NumberOfSysDrives; // Number of drives that contain an operating system. -1: unknown, 1: one, 2: two or more
int MultipleSystemsOnDrive; // Multiple systems are installed on the drive where the currently running system resides. -1: unknown, 0: no, 1: yes
int BootLoaderLocation; // Boot loader (boot manager) installed in: 1: MBR/1st cylinder, 0: partition/bootsector: -1: unknown
int BootLoaderBrand; // -1: unknown, 0: Microsoft Windows, 1: any non-Windows boot manager/loader
int SystemOnBootDrive; // If the currently running operating system is installed on the boot drive. -1: unknown, 0: no, 1: yes
} SYSENC_MULTIBOOT_CFG;
#define SYSENC_PAUSE_RETRY_INTERVAL 100
@@ -153,21 +167,28 @@ volatile int WizardMode = DEFAULT_VOL_CREATION_WIZARD_MODE; /* IMPORTANT: Never
volatile BOOL bHiddenOS = FALSE; /* If TRUE, we are performing or (or supposed to perform) actions relating to an operating system installed in a hidden volume (i.e., encrypting a decoy OS partition or creating the outer/hidden volume for the hidden OS). To determine or set the phase of the process, call ChangeHiddenOSCreationPhase() and DetermineHiddenOSCreationPhase()) */
BOOL bDirectSysEncMode = FALSE;
BOOL bDirectSysEncModeCommand = SYSENC_COMMAND_NONE;
BOOL DirectDeviceEncMode = FALSE;
BOOL DirectNonSysInplaceDecStartMode = FALSE;
BOOL DirectNonSysInplaceEncResumeMode = FALSE;
BOOL DirectNonSysInplaceDecResumeMode = FALSE;
BOOL DirectPromptNonSysInplaceEncResumeMode = FALSE;
BOOL DirectCreationMode = FALSE;
-volatile BOOL bInPlaceEncNonSys = FALSE; /* If TRUE, existing data on a non-system partition/volume are to be encrypted (or decrypted if bInPlaceDecNonSys is TRUE) in place (for system encryption, this flag is ignored) */
+int iIconX=0;
+int iIconY=0;
+HWND hDlgItemTooltip = NULL;
+HANDLE hIconTooltip = NULL;
+char tempPassword[MAX_PASSWORD + 1];
+int iPasswordStrength;
+
+volatile BOOL bInPlaceEncNonSys = TRUE; /* If TRUE, existing data on a non-system partition/volume are to be encrypted (or decrypted if bInPlaceDecNonSys is TRUE) in place (for system encryption, this flag is ignored) */
volatile BOOL bInPlaceDecNonSys = FALSE; /* If TRUE, existing data on a non-system partition/volume are to be decrypted in place (for system encryption, this flag is ignored) */
volatile BOOL bInPlaceEncNonSysResumed = FALSE; /* If TRUE, the wizard is supposed to resume (or has resumed) process of non-system in-place encryption/decryption. */
volatile BOOL bFirstNonSysInPlaceEncResumeDone = FALSE;
__int64 NonSysInplaceEncBytesDone = 0;
__int64 NonSysInplaceEncTotalSize = 0;
BOOL bDeviceTransformModeChoiceMade = FALSE; /* TRUE if the user has at least once manually selected the 'in-place' or 'format' option (on the 'device transform mode' page). */
int nNeedToStoreFilesOver4GB = 0; /* Whether the user wants to be able to store files larger than 4GB on the volume: -1 = Undecided or error, 0 = No, 1 = Yes */
int nVolumeEA = 1; /* Default encryption algorithm */
BOOL bSystemEncryptionInProgress = FALSE; /* TRUE when encrypting/decrypting the system partition/drive (FALSE when paused). */
BOOL bWholeSysDrive = FALSE; /* Whether to encrypt the entire system drive or just the system partition. */
@@ -229,20 +250,21 @@ BOOL bKeybLayoutAltKeyWarningShown = FALSE; /* TRUE if the user has been informe
#else
BOOL bWarnDeviceFormatAdvanced = FALSE;
#endif
BOOL bWarnOuterVolSuitableFileSys = TRUE;
Password volumePassword; /* User password */
Password outerVolumePassword; /* Outer volume user password */
char szVerify[MAX_PASSWORD + 1]; /* Tmp password buffer */
char szRawPassword[MAX_PASSWORD + 1]; /* Password before keyfile was applied to it */
+BOOL bNextButtonClicked = FALSE;
int volumePim = 0;
int outerVolumePim = 0;
BOOL bHistoryCmdLine = FALSE; /* History control is always disabled */
BOOL ComServerMode = FALSE;
Password CmdVolumePassword = {0}; /* Password passed from command line */
int CmdVolumeEA = 0;
@@ -294,20 +316,25 @@ volatile int clusterSize = 0;
SYSENC_MULTIBOOT_CFG SysEncMultiBootCfg;
wchar_t SysEncMultiBootCfgOutcome [4096] = {L'N',L'/',L'A',0};
volatile int NonSysInplaceEncStatus = NONSYS_INPLACE_ENC_STATUS_NONE;
LONGLONG nAvailableFreeSpace = -1;
BOOL bIsSparseFilesSupportedByHost = FALSE;
vector <HostDevice> DeferredNonSysInPlaceEncDevices;
+BOOL bChecklistA;
+BOOL bChecklistB;
+BOOL bChecklistC;
+BOOL bCheckboxPretest;
+
int iMaxPasswordLength = MAX_PASSWORD;
// specific definitions and implementation for support of resume operation
// in wait dialog mechanism
void CALLBACK ResumeInPlaceEncWaitThreadProc(void* pArg, HWND hwndDlg)
{
wchar_t szDevicePath[MAX_PATH] = {0};
RawDevicesDlgParam param;
param.devices = GetAvailableHostDevices (false, true, false);
@@ -1412,103 +1439,25 @@ void ComboSelChangeEA (HWND hwndDlg)
{
int nIndex = (int) SendMessage (GetDlgItem (hwndDlg, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0);
if (nIndex == CB_ERR)
{
SetWindowText (GetDlgItem (hwndDlg, IDC_BOX_HELP), L"");
}
else
{
wchar_t name[100];
- wchar_t auxLine[4096];
- wchar_t hyperLink[256] = { 0 };
- int cipherIDs[5];
- int i, cnt = 0;
nIndex = (int) SendMessage (GetDlgItem (hwndDlg, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0);
EAGetName (name, ARRAYSIZE(name),nIndex, 0);
- if (wcscmp (name, L"AES") == 0)
- {
- StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("AES_HELP"));
- }
- else if (wcscmp (name, L"Serpent") == 0)
- {
- StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SERPENT_HELP"));
- }
- else if (wcscmp (name, L"Twofish") == 0)
- {
- StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("TWOFISH_HELP"));
- }
- else if (wcscmp (name, L"Kuznyechik") == 0)
- {
- StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("KUZNYECHIK_HELP"));
- }
- else if (wcscmp (name, L"Camellia") == 0)
- {
- StringCbPrintfW (hyperLink, sizeof(hyperLink) / 2, GetString ("MORE_INFO_ABOUT"), name);
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("CAMELLIA_HELP"));
- }
- else if (EAGetCipherCount (nIndex) > 1)
- {
- // Cascade
- cipherIDs[cnt++] = i = EAGetLastCipher(nIndex);
- while (i = EAGetPreviousCipher(nIndex, i))
- {
- cipherIDs[cnt] = i;
- cnt++;
- }
-
- switch (cnt) // Number of ciphers in the cascade
- {
- case 2:
- StringCbPrintfW (auxLine, sizeof(auxLine), GetString ("TWO_LAYER_CASCADE_HELP"),
- CipherGetName (cipherIDs[1]),
- CipherGetKeySize (cipherIDs[1])*8,
- CipherGetName (cipherIDs[0]),
- CipherGetKeySize (cipherIDs[0])*8);
- break;
-
- case 3:
- StringCbPrintfW (auxLine, sizeof(auxLine), GetString ("THREE_LAYER_CASCADE_HELP"),
- CipherGetName (cipherIDs[2]),
- CipherGetKeySize (cipherIDs[2])*8,
- CipherGetName (cipherIDs[1]),
- CipherGetKeySize (cipherIDs[1])*8,
- CipherGetName (cipherIDs[0]),
- CipherGetKeySize (cipherIDs[0])*8);
- break;
- }
-
- StringCbCopyW (hyperLink, sizeof(hyperLink), GetString ("IDC_LINK_MORE_INFO_ABOUT_CIPHER"));
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), auxLine);
- }
- else
- {
- // No info available for this encryption algorithm
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), L"");
- }
-
-
- // Update hyperlink
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_LINK_MORE_INFO_ABOUT_CIPHER), hyperLink);
- AccommodateTextField (hwndDlg, IDC_LINK_MORE_INFO_ABOUT_CIPHER, FALSE, hUserUnderlineFont);
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("AES_HELP_NEW"));
}
}
static void VerifySizeAndUpdate (HWND hwndDlg, BOOL bUpdate)
{
BOOL bEnable = TRUE;
wchar_t szTmp[50];
__int64 lTmp;
__int64 i;
static unsigned __int64 nLastVolumeSize = 0;
@@ -3769,45 +3718,94 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
UpdateWizardModeControls (hwndDlg, WizardMode);
break;
case SYSENC_TYPE_PAGE:
+ {
bHiddenVolHost = bHiddenVol = bHiddenOS;
- SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYSENC_TYPE_PAGE_TITLE"));
-
- SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_HIDDEN), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
- SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_NORMAL), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
+ wchar_t finalMsg[8024] = {0};
- DisableIfGpt(GetDlgItem(hwndDlg, IDC_SYSENC_HIDDEN));
+ try
+ {
+ StringCbPrintfW (finalMsg, sizeof(finalMsg),
+ GetString ("SYSENC_TYPE_PAGE_TITLE"),
+ GetSystemDriveLetter ());
+ }
+ catch (Exception &e)
+ {
+ e.Show (hwndDlg);
+ EndMainDlg (MainDlg);
+ return 0;
+ }
- CheckButton (GetDlgItem (hwndDlg, bHiddenOS ? IDC_SYSENC_HIDDEN : IDC_SYSENC_NORMAL));
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), finalMsg);
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_HIDDEN_TYPE_HELP"));
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP_SYSENC_NORMAL), GetString ("SYSENC_NORMAL_TYPE_HELP"));
+ memset (finalMsg, 0, sizeof (finalMsg));
+ try
+ {
+ StringCbPrintfW (finalMsg, sizeof(finalMsg),
+ GetString ("SYSENC_INFO"),
+ GetSystemDriveLetter ());
+ }
+ catch (Exception &e)
+ {
+ e.Show (hwndDlg);
+ EndMainDlg (MainDlg);
+ return 0;
+ }
- ToHyperlink (hwndDlg, IDC_HIDDEN_SYSENC_INFO_LINK);
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), finalMsg);
+ SetWindowTextW (GetDlgItem (hwndDlg, IDT_SYSENC_INFO_2), GetString ("SYSENC_INFO_2"));
+
+ if (bSystemIsGPT)
+ {
+ ShowWindow (GetDlgItem(hwndDlg, IDC_ADVANCE_INTRO), SW_HIDE);
+ ShowWindow (GetDlgItem(hwndDlg, IDC_INFORMATION_TIP), SW_HIDE);
+ }
+ else
+ {
+ EnableWindow (GetDlgItem(hwndDlg, IDC_ADVANCE_INTRO), TRUE);
+ iIconX = GetSystemMetrics (SM_CXSMICON);
+ iIconY = GetSystemMetrics (SM_CYSMICON);
+ hIconTooltip = LoadImage (NULL, MAKEINTRESOURCE (104), IMAGE_ICON, iIconX, iIconY, LR_DEFAULTCOLOR);
+ SendDlgItemMessage (hwndDlg, IDC_INFORMATION_TIP, STM_SETICON, (WPARAM) hIconTooltip, 0);
+
+ hDlgItemTooltip = GetDlgItem (hwndDlg, IDC_INFORMATION_TIP);
+ if (hDlgItemTooltip)
+ {
+ CreateToolTip (hwndDlg, hDlgItemTooltip, GetString ("ADV_FEATURES_INTRO_TOOLTIP"));
+ }
+ else
+ {
+ MessageBox (0, TEXT("Cannot find dialog item"), 0, 0);
+ }
+ }
+
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), !bDirectSysEncMode);
SetWindowTextW (GetDlgItem (MainDlg, IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (MainDlg, IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (MainDlg, IDCANCEL), GetString ("CANCEL"));
+
+ // Start loading the password dictonary into memory ("need" is just a random word for initializing the process)
+ CheckWord("need");
break;
-
+ }
case SYSENC_HIDDEN_OS_REQ_CHECK_PAGE:
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_HIDDEN_OS_REQ_CHECK_PAGE_HELP"));
SetWindowTextW (GetDlgItem (MainDlg, IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (MainDlg, IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (MainDlg, IDCANCEL), GetString ("CANCEL"));
EnableWindow (GetDlgItem (MainDlg, IDC_NEXT), TRUE);
EnableWindow (GetDlgItem (MainDlg, IDC_PREV), bDirectSysEncModeCommand != SYSENC_COMMAND_CREATE_HIDDEN_OS && bDirectSysEncModeCommand != SYSENC_COMMAND_CREATE_HIDDEN_OS_ELEV);
@@ -3828,21 +3826,20 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
DisableIfGpt(GetDlgItem(hwndDlg, IDC_WHOLE_SYS_DRIVE));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("CANCEL"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
break;
-
case SYSENC_PRE_DRIVE_ANALYSIS_PAGE:
Init2RadButtonPageYesNo (SysEncDetectHiddenSectors);
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYSENC_PRE_DRIVE_ANALYSIS_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_PRE_DRIVE_ANALYSIS_HELP"));
break;
case SYSENC_DRIVE_ANALYSIS_PAGE:
@@ -4356,105 +4353,147 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), !bInPlaceEncNonSys);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
}
break;
case PASSWORD_PAGE:
{
wchar_t str[1000];
+ EnableWindow(GetDlgItem(hwndDlg, IDC_VERIFY), FALSE);
+
hPasswordInputField = GetDlgItem (hwndDlg, IDC_PASSWORD);
hVerifyPasswordInputField = GetDlgItem (hwndDlg, IDC_VERIFY);
ToNormalPwdField (hwndDlg, IDC_PASSWORD);
ToNormalPwdField (hwndDlg, IDC_VERIFY);
if (SysEncInEffect ())
{
ToBootPwdField (hwndDlg, IDC_PASSWORD);
ToBootPwdField (hwndDlg, IDC_VERIFY);
- StringCbPrintfW (OrigKeyboardLayout, sizeof(OrigKeyboardLayout), L"%08X", (DWORD) GetKeyboardLayout (NULL) & 0xFFFF);
+ StringCbPrintfW(OrigKeyboardLayout, sizeof(OrigKeyboardLayout), L"%08X", (DWORD)GetKeyboardLayout(NULL) & 0xFFFF);
- if ((DWORD) GetKeyboardLayout (NULL) != 0x00000409 && (DWORD) GetKeyboardLayout (NULL) != 0x04090409)
+ if ((DWORD)GetKeyboardLayout(NULL) != 0x00000409 && (DWORD)GetKeyboardLayout(NULL) != 0x04090409)
{
- DWORD keybLayout = (DWORD) LoadKeyboardLayout (L"00000409", KLF_ACTIVATE);
+ DWORD keybLayout = (DWORD)LoadKeyboardLayout(L"00000409", KLF_ACTIVATE);
if (keybLayout != 0x00000409 && keybLayout != 0x04090409)
{
- Error ("CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION", MainDlg);
- EndMainDlg (MainDlg);
+ Error("CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION", MainDlg);
+ EndMainDlg(MainDlg);
return 1;
}
bKeyboardLayoutChanged = TRUE;
}
-
if (SetTimer (MainDlg, TIMER_ID_KEYB_LAYOUT_GUARD, TIMER_INTERVAL_KEYB_LAYOUT_GUARD, NULL) == 0)
{
Error ("CANNOT_SET_TIMER", MainDlg);
EndMainDlg (MainDlg);
return 1;
}
+
+ ShowWindow(GetDlgItem(hwndDlg, IDC_KEYFILES_ENABLE), SW_HIDE);
+ ShowWindow(GetDlgItem(hwndDlg, IDC_KEY_FILES), SW_HIDE);
+ ShowWindow(GetDlgItem(hwndDlg, IDC_PIM_ENABLE), SW_HIDE);
+
+ ShowWindow(GetDlgItem(hwndDlg, IDC_ADVANCE), SW_SHOW);
+ }
+ else
+ {
+ SetCheckBox (hwndDlg, IDC_PIM_ENABLE, PimEnable);
+
+ SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable && !SysEncInEffect());
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEY_FILES), KeyFilesEnable && !SysEncInEffect());
+ EnableWindow (GetDlgItem (hwndDlg, IDC_KEYFILES_ENABLE), !SysEncInEffect());
}
if (bHiddenVolHost)
{
StringCbCopyW (str, sizeof(str), GetString (bHiddenOS ? "PASSWORD_SYSENC_OUTERVOL_HELP" : "PASSWORD_HIDDENVOL_HOST_HELP"));
}
else if (bHiddenVol)
{
StringCbPrintfW (str, sizeof str, L"%s%s",
GetString (bHiddenOS ? "PASSWORD_HIDDEN_OS_HELP" : "PASSWORD_HIDDENVOL_HELP"),
GetString ("PASSWORD_HELP"));
}
else
{
- StringCbCopyW (str, sizeof(str), GetString ("PASSWORD_HELP"));
+ StringCbCopyW (str, sizeof(str), GetString ("PASSWORD_HELP_SYSENC"));
}
- SetPassword (hwndDlg, IDC_PASSWORD, szRawPassword);
- SetPassword (hwndDlg, IDC_VERIFY, szVerify);
+ SetPassword(hwndDlg, IDC_PASSWORD, szRawPassword);
+ SetPassword(hwndDlg, IDC_VERIFY, szVerify);
SetFocus (GetDlgItem (hwndDlg, IDC_PASSWORD));
- SetCheckBox (hwndDlg, IDC_PIM_ENABLE, PimEnable);
-
- SetCheckBox (hwndDlg, IDC_KEYFILES_ENABLE, KeyFilesEnable && !SysEncInEffect());
- EnableWindow (GetDlgItem (hwndDlg, IDC_KEY_FILES), KeyFilesEnable && !SysEncInEffect());
- EnableWindow (GetDlgItem (hwndDlg, IDC_KEYFILES_ENABLE), !SysEncInEffect());
-
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), str);
if (CreatingHiddenSysVol())
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PASSWORD_HIDDEN_OS_TITLE"));
else if (bHiddenVol)
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString (bHiddenVolHost ? "PASSWORD_HIDVOL_HOST_TITLE" : "PASSWORD_HIDVOL_TITLE"));
else if (WizardMode == WIZARD_MODE_SYS_DEVICE)
- SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PASSWORD"));
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("CHOOSE_PASSWORD_TITLE"));
else
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("PASSWORD_TITLE"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (GetParent (hwndDlg), IDC_NEXT),
GetDlgItem (hwndDlg, IDC_PASSWORD),
GetDlgItem (hwndDlg, IDC_VERIFY),
NULL,
NULL,
KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect());
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
+
+ if(SysEncInEffect ())
+ {
+ /* Random pool parameter is here because random page is removed */
+
+ mouseEntropyGathered = 0xFFFFFFFF;
+ mouseEventsInitialCount = 0;
+ bUseMask = FALSE;
+
+ {
+ HCRYPTPROV hRngProv;
+ if (CryptAcquireContext (&hRngProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT))
+ {
+ if (CryptGenRandom (hRngProv, sizeof (maskRandPool), maskRandPool))
+ bUseMask = TRUE;
+ CryptReleaseContext (hRngProv, 0);
+ }
+ }
+
+ SetTimer(GetParent(hwndDlg), TIMER_ID_RANDVIEW, TIMER_INTERVAL_RANDVIEW, NULL);
+ hRandPoolSys = GetDlgItem(hwndDlg, IDC_SYS_POOL_CONTENTS);
+ hEntropyBar = GetDlgItem(hwndDlg, IDC_ENTROPY_BAR);
+ SendMessage(hEntropyBar, PBM_SETRANGE32, 0, maxEntropyLevel);
+ SendMessage(hEntropyBar, PBM_SETSTEP, 1, 0);
+ SendMessage(GetDlgItem(hwndDlg, IDC_SYS_POOL_CONTENTS), WM_SETFONT, (WPARAM)hFixedDigitFont, (LPARAM)TRUE);
+
+ /* set default values */
+
+ hash_algo = bSystemIsGPT ? SHA512 : DEFAULT_HASH_ALGORITHM_BOOT;
+ RandSetHashFunction(hash_algo);
+
+ nWipeMode = TC_WIPE_NONE;
+ }
}
break;
case PIM_PAGE:
{
SendMessage (GetDlgItem (hwndDlg, IDC_PIM), EM_LIMITTEXT, SysEncInEffect()? MAX_BOOT_PIM: MAX_PIM, 0);
if (volumePim > 0)
{
SetPim (hwndDlg, IDC_PIM, volumePim);
@@ -4570,20 +4609,22 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
DisplayPortionsOfKeys (hHeaderKey, hMasterKey, HeaderKeyGUIView, MasterKeyGUIView, !showKeys);
break;
case SYSENC_RESCUE_DISK_CREATION_PAGE:
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("RESCUE_DISK"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (hwndDlg, IDT_RESCUE_DISK_INFO), bSystemIsGPT? GetString ("RESCUE_DISK_EFI_INFO"): GetString ("RESCUE_DISK_INFO"));
+ SetWindowTextW(GetDlgItem(hwndDlg, IDT_RESCUE_DISK_INFO_2), GetString("RESCUE_DISK_INFO_2"));
+
SetCheckBox (hwndDlg, IDC_SKIP_RESCUE_VERIFICATION, bDontVerifyRescueDisk);
SetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
break;
case SYSENC_RESCUE_DISK_BURN_PAGE:
{
wchar_t szTmp[8192];
@@ -4601,39 +4642,23 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
else
{
StringCbPrintfW (szTmp, sizeof szTmp,
GetString (bDontVerifyRescueDisk ? "RESCUE_DISK_BURN_INFO_NO_CHECK" : "RESCUE_DISK_BURN_INFO"),
szRescueDiskISO, IsWindowsIsoBurnerAvailable() ? L"" : GetString ("RESCUE_DISK_BURN_INFO_NONWIN_ISO_BURNER"));
}
SetWindowTextW (GetDlgItem (hwndDlg, IDT_RESCUE_DISK_BURN_INFO), szTmp);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
- /* The 'Back' button must be disabled now because the user could burn a Rescue Disk, then go back, and
- generate a different master key, which would cause the Rescue Disk verification to fail (the result
- would be confusion and bug reports). */
- EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
-
- if (bSystemIsGPT)
- {
- ShowWindow (GetDlgItem (hwndDlg, IDC_DOWNLOAD_CD_BURN_SOFTWARE), SW_HIDE);
- }
- else
- {
- if (IsWindowsIsoBurnerAvailable())
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_DOWNLOAD_CD_BURN_SOFTWARE), GetString ("LAUNCH_WIN_ISOBURN"));
-
- ToHyperlink (hwndDlg, IDC_DOWNLOAD_CD_BURN_SOFTWARE);
-
- if (IsWindowsIsoBurnerAvailable() && !bDontVerifyRescueDisk)
- LaunchWindowsIsoBurner (hwndDlg, szRescueDiskISO);
- }
+ /* The 'Back' button is enabled but user can't go back, instead warning is provided */
+ EnableWindow(GetDlgItem(GetParent(hwndDlg), IDC_PREV), TRUE);
+
}
break;
case SYSENC_RESCUE_DISK_VERIFIED_PAGE:
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("RESCUE_DISK_DISK_VERIFIED_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("RESCUE_DISK_VERIFIED_INFO"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
@@ -4644,38 +4669,90 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
// Prevent losing the burned rescue disk by inadvertent exit
bConfirmQuit = TRUE;
break;
case SYSENC_WIPE_MODE_PAGE:
case NONSYS_INPLACE_ENC_WIPE_MODE_PAGE:
{
- if (nWipeMode == TC_WIPE_1_RAND)
- nWipeMode = TC_WIPE_NONE;
-
- SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("WIPE_MODE_TITLE"));
- SetWindowTextW (GetDlgItem (hwndDlg, IDT_WIPE_MODE_INFO), GetString ("INPLACE_ENC_WIPE_MODE_INFO"));
-
- PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE),
- SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING && !bInPlaceEncNonSys,
- TRUE,
- FALSE);
+ if (SysEncInEffect ())
+ {
+ /* Wipe mode page is now checklist page */
+ ShowWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDT_WIPE_MODE), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDT_WIPE_MODE_INFO), SW_HIDE);
+
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_REMEMBER_PASSWORD), GetString ("REMEMBER_PASSWORD"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_STORE_RESCUE_DISK), GetString ("STORE_RESCUE_DISK"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_BACKUP_DATA), GetString ("BACKUP_DATA"));
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_REMEMBER_PASSWORD), WM_SETFONT, (WPARAM)hUserBoldFont, (LPARAM)TRUE);
+ SendMessage(GetDlgItem(hwndDlg, IDC_STORE_RESCUE_DISK), WM_SETFONT, (WPARAM)hUserBoldFont, (LPARAM)TRUE);
+ SendMessage(GetDlgItem(hwndDlg, IDC_BACKUP_DATA), WM_SETFONT, (WPARAM)hUserBoldFont, (LPARAM)TRUE);
+
+ bChecklistA = FALSE;
+ bChecklistB = FALSE;
+ bChecklistC = FALSE;
+
+ SetWindowTextW(GetDlgItem(GetParent(hwndDlg), IDC_BOX_TITLE), GetString("CHECKLIST_TITLE"));
+
+ SetDlgItemText(hwndDlg, IDC_BROWSE, GetString ("OPEN_PATH_CHECKLIST_PAGE"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDT_STORE_RESCUE_DISK), GetString ("RESCUE_DISK_CHECKLIST_B"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDT_REMEMBER_PASSWORD), GetString ("RESCUE_DISK_CHECKLIST_A"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDT_BACKUP_DATA), GetString ("RESCUE_DISK_CHECKLIST_C"));
+
+ EnableWindow(GetDlgItem(hwndDlg, IDC_REMEMBER_PASSWORD), TRUE);
+ EnableWindow(GetDlgItem(hwndDlg, IDC_STORE_RESCUE_DISK), TRUE);
+ EnableWindow(GetDlgItem(hwndDlg, IDC_BACKUP_DATA), TRUE);
+
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
+
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), FALSE);
+ }
+ else
+ {
+ /* Hide elements from Checklist page and show Wipe mode page */
+ ShowWindow (GetDlgItem (hwndDlg, IDC_CHECKLIST_A), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_CHECKLIST_B), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_CHECKLIST_C), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_STORE_RESCUE_DISK), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_REMEMBER_PASSWORD), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_BACKUP_DATA), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDT_REMEMBER_PASSWORD), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDT_STORE_RESCUE_DISK), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDT_BACKUP_DATA), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_BROWSE), SW_HIDE);
+ ShowWindow (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH), SW_HIDE);
+
+ if (nWipeMode == TC_WIPE_1_RAND)
+ nWipeMode = TC_WIPE_NONE;
+
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("WIPE_MODE_TITLE"));
+ SetWindowTextW (GetDlgItem (hwndDlg, IDT_WIPE_MODE_INFO), GetString ("INPLACE_ENC_WIPE_MODE_INFO"));
+
+ PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE),
+ SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING && !bInPlaceEncNonSys,
+ TRUE,
+ FALSE);
- SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
+ SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
- SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("NEXT"));
- SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
- EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
- EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
+ SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
+ }
}
break;
case SYSENC_PRETEST_INFO_PAGE:
if (bHiddenOS)
{
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("HIDDEN_OS_CREATION_PREINFO_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("HIDDEN_OS_CREATION_PREINFO_HELP"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("START"));
@@ -4684,21 +4761,21 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
else
{
wchar_t finalMsg[8024] = {0};
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYS_ENCRYPTION_PRETEST_TITLE"));
try
{
StringCbPrintfW (finalMsg, sizeof(finalMsg),
GetString ("SYS_ENCRYPTION_PRETEST_INFO"),
- BootEncObj->GetSystemDriveConfiguration().DriveNumber);
+ GetSystemDriveLetter ());
}
catch (Exception &e)
{
e.Show (hwndDlg);
EndMainDlg (MainDlg);
return 0;
}
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), finalMsg);
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("TEST"));
@@ -4708,28 +4785,44 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
break;
case SYSENC_PRETEST_RESULT_PAGE:
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE), GetString ("SYS_ENCRYPTION_PRETEST_RESULT_TITLE"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYS_ENCRYPTION_PRETEST_RESULT_INFO"));
+ ShowWindow (GetDlgItem (hwndDlg, IDC_CHECKBOX_PRETEST), SW_SHOW);
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_CHECKBOX_PRETEST), GetString ("PRETEST_CHECKBOX"));
+
+ bCheckboxPretest = FALSE;
+
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), GetString ("ENCRYPT"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("DEFER"));
- EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
- EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), FALSE);
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE);
+ HWND hTooltip;
+ hTooltip = GetDlgItem (GetParent (hwndDlg), IDC_PREV);
+ if (hTooltip)
+ {
+ CreateToolTip (hwndDlg, hTooltip, GetString ("PRETEST_BACK_BUTTON"));
+ }
+ else
+ {
+ MessageBox (0, TEXT ("Cannot find dialog item for tooltip!"), 0, 0);
+ }
+
break;
case SYSENC_ENCRYPTION_PAGE:
if (CreateSysEncMutex ())
{
try
{
BootEncStatus = BootEncObj->GetStatus();
bSystemEncryptionInProgress = BootEncStatus.SetupInProgress;
@@ -4737,56 +4830,62 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
catch (Exception &e)
{
e.Show (hwndDlg);
Error ("ERR_GETTING_SYSTEM_ENCRYPTION_STATUS", MainDlg);
EndMainDlg (MainDlg);
return 0;
}
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_BOX_TITLE),
GetString (SystemEncryptionStatus != SYSENC_STATUS_DECRYPTING ? "ENCRYPTION" : "DECRYPTION"));
-
- SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP), GetString ("SYSENC_ENCRYPTION_PAGE_INFO"));
+
+ SetWindowTextW (GetDlgItem (hwndDlg, IDC_BOX_HELP),
+ GetString (SystemEncryptionStatus != SYSENC_STATUS_DECRYPTING ? "SYSENC_ENCRYPTION_PAGE_INFO" : "SYSENC_DECRYPTION_PAGE_INFO"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDCANCEL), GetString ("DEFER"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_PREV), GetString ("PREV"));
SetWindowTextW (GetDlgItem (GetParent (hwndDlg), IDC_NEXT),
GetString (SystemEncryptionStatus != SYSENC_STATUS_DECRYPTING ? "ENCRYPT" : "DECRYPT"));
SetWindowTextW (GetDlgItem (hwndDlg, IDC_PAUSE),
GetString (bSystemEncryptionInProgress ? "IDC_PAUSE" : "RESUME"));
EnableWindow (GetDlgItem (hwndDlg, IDC_PAUSE), BootEncStatus.DriveEncrypted);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_PREV), FALSE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), !BootEncStatus.SetupInProgress);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDCANCEL), TRUE);
EnableWindow (GetDlgItem (GetParent (hwndDlg), IDHELP), TRUE);
- ToHyperlink (hwndDlg, IDC_MORE_INFO_SYS_ENCRYPTION);
-
if (SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING)
{
nWipeMode = TC_WIPE_NONE;
EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE);
EnableWindow (GetDlgItem (hwndDlg, IDT_WIPE_MODE), FALSE);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), TRUE, TRUE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
}
else
{
EnableWindow (GetDlgItem (hwndDlg, IDC_WIPE_MODE), !bSystemEncryptionInProgress);
PopulateWipeModeCombo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), FALSE, TRUE, FALSE);
SelectAlgo (GetDlgItem (hwndDlg, IDC_WIPE_MODE), (int *) &nWipeMode);
}
+ if (nWipeMode == TC_WIPE_NONE)
+ {
+ ShowWindow (GetDlgItem(hwndDlg, IDC_WIPE_MODE), SW_HIDE);
+ ShowWindow (GetDlgItem(hwndDlg, IDT_FORMAT_OPTIONS), SW_HIDE);
+ ShowWindow (GetDlgItem(hwndDlg, IDT_WIPE_MODE), SW_HIDE);
+ }
+
PostMessage (hwndDlg, TC_APPMSG_PERFORM_POST_SYSENC_WMINIT_TASKS, 0, 0);
}
else
{
Error ("SYSTEM_ENCRYPTION_IN_PROGRESS_ELSEWHERE", MainDlg);
EndMainDlg (MainDlg);
return 0;
}
return 0;
@@ -5262,20 +5361,52 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
case WM_HELP:
OpenPageHelp (GetParent (hwndDlg), nCurPageNo);
return 1;
case TC_APPMSG_PERFORM_POST_SYSENC_WMINIT_TASKS:
AfterSysEncProgressWMInitTasks (hwndDlg);
return 1;
case WM_CTLCOLORSTATIC:
{
+ if ((HWND)lParam == GetDlgItem (hwndDlg, PASSWORD_METER) && iPasswordStrength == 1)
+ {
+ // we're about to draw the static
+ // set the text colour in (HDC)lParam
+ SetBkMode ((HDC)wParam, TRANSPARENT);
+ SetTextColor ((HDC)wParam, RGB(255, 0, 0)); // password weak red
+ return (BOOL)GetSysColorBrush(COLOR_MENU);
+ }
+
+ if ((HWND)lParam == GetDlgItem (hwndDlg, PASSWORD_METER) && iPasswordStrength == 2)
+ {
+ // we're about to draw the static
+ // set the text colour in (HDC)lParam
+ SetBkMode ((HDC)wParam, TRANSPARENT);
+ SetTextColor ((HDC)wParam, RGB (255, 165, 0)); // password medium orange
+ return (BOOL) GetSysColorBrush (COLOR_MENU);
+ }
+
+ if ((HWND)lParam == GetDlgItem (hwndDlg, PASSWORD_METER) && iPasswordStrength == 3)
+ {
+ SetBkMode ((HDC)wParam, TRANSPARENT);
+ SetTextColor ((HDC)wParam, RGB (218, 218, 0)); // password strong yellow
+ return (BOOL) GetSysColorBrush (COLOR_MENU);
+ }
+
+ if ((HWND)lParam == GetDlgItem (hwndDlg, PASSWORD_METER) && iPasswordStrength == 4)
+ {
+ SetBkMode((HDC)wParam, TRANSPARENT);
+ SetTextColor((HDC)wParam, RGB(50, 205, 50)); // password very strong green
+ return (BOOL) GetSysColorBrush (COLOR_MENU);
+ }
+
if (PimValueChangedWarning && ((HWND)lParam == GetDlgItem(hwndDlg, IDC_PIM_HELP)) )
{
// we're about to draw the static
// set the text colour in (HDC)lParam
SetBkMode((HDC)wParam,TRANSPARENT);
SetTextColor((HDC)wParam, RGB(255,0,0));
// NOTE: per documentation as pointed out by selbie, GetSolidBrush would leak a GDI handle.
return (BOOL)GetSysColorBrush(COLOR_MENU);
}
}
@@ -5324,20 +5455,36 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
bHiddenVol = FALSE;
bHiddenVolHost = FALSE;
return 1;
case IDC_HIDDEN_SYSENC_INFO_LINK:
Applink ("hiddensysenc");
return 1;
}
}
+ if (lw == IDC_ADVANCE_INTRO && nCurPageNo == SYSENC_TYPE_PAGE)
+ {
+ DialogBoxParamW(hInst,
+ MAKEINTRESOURCEW(IDD_ADVANCE_MBR), hwndDlg,
+ (DLGPROC)AdvanceDlgProcIntro, NULL);
+ return 1;
+ }
+
+ if (lw == IDC_ADVANCE && nCurPageNo == PASSWORD_PAGE)
+ {
+ DialogBoxParamW(hInst,
+ MAKEINTRESOURCEW(IDD_ADVANCE), hwndDlg,
+ (DLGPROC)AdvanceDlgProc, NULL);
+ return 1;
+ }
+
if (nCurPageNo == SYSENC_HIDDEN_OS_REQ_CHECK_PAGE && lw == IDC_HIDDEN_SYSENC_INFO_LINK)
{
Applink ("hiddensysenc");
return 1;
}
if (nCurPageNo == SYSENC_SPAN_PAGE)
{
switch (lw)
{
@@ -5672,28 +5819,70 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
if (hw == EN_CHANGE && nCurPageNo == SIZE_PAGE)
{
VerifySizeAndUpdate (hwndDlg, FALSE);
return 1;
}
if (hw == EN_CHANGE && nCurPageNo == PASSWORD_PAGE)
{
- VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (GetParent (hwndDlg), IDC_NEXT),
- GetDlgItem (hwndDlg, IDC_PASSWORD),
- GetDlgItem (hwndDlg, IDC_VERIFY),
- NULL,
- NULL,
- KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect());
+ // If 'Next' button was clicked (and keyboard layout is not US), don't verify
+ if (!bNextButtonClicked)
+ {
+ VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (GetParent (hwndDlg), IDC_NEXT),
+ GetDlgItem(hCurPage, IDC_PASSWORD),
+ GetDlgItem(hCurPage, IDC_VERIFY),
+ NULL,
+ NULL,
+ KeyFilesEnable && FirstKeyFile != NULL && !SysEncInEffect());
+
+ bNextButtonClicked = FALSE;
+ }
+
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
+
+ SendMessage (GetDlgItem (hwndDlg, PASSWORD_METER), WM_SETFONT, (WPARAM)hUserBoldFont, (LPARAM)TRUE);
+
+ memset (&tempPassword[0], 0, sizeof (tempPassword));
+
+ if (GetPassword (hCurPage, IDC_PASSWORD, tempPassword, iMaxPasswordLength + 1, FALSE, TRUE))
+ iPasswordStrength = PrintStrongness (tempPassword, strlen (tempPassword));
+ else
+ Error ("ERROR_GETTING_PWD", hwndDlg);
+
+ burn (tempPassword, sizeof (tempPassword));
+ if (iPasswordStrength == very_strong)
+ {
+ SetWindowTextW (GetDlgItem (hwndDlg, PASSWORD_METER), GetString ("VERY_STRONG_PASSWORD"));
+ EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), TRUE);
+ }
+ else if (iPasswordStrength == strong)
+ {
+ SetWindowTextW (GetDlgItem (hwndDlg, PASSWORD_METER), GetString ("STRONG_PASSWORD"));
+ EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), TRUE);
+ }
+ else if (iPasswordStrength == medium)
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), TRUE);
+ SetWindowTextW (GetDlgItem (hwndDlg, PASSWORD_METER), GetString ("MEDIUM_PASSWORD"));
+ }
+ else if (iPasswordStrength == weak)
+ {
+ EnableWindow (GetDlgItem (hwndDlg, IDC_VERIFY), FALSE);
+ SetWindowTextW (GetDlgItem (hwndDlg, PASSWORD_METER), GetString ("WEAK_PASSWORD"));
+ }
+ else
+ {
+ SetWindowTextW (GetDlgItem (hwndDlg, PASSWORD_METER), GetString ("VERY_WEAK_PASSWORD"));
+ }
return 1;
}
if (hw == EN_CHANGE && nCurPageNo == PIM_PAGE)
{
if (lw == IDC_PIM)
{
if(GetPim (hwndDlg, IDC_PIM, 0) != 0)
{
PimValueChangedWarning = TRUE;
@@ -5714,20 +5903,46 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
HandleShowPasswordFieldAction (hwndDlg, IDC_SHOW_PASSWORD, IDC_PASSWORD, IDC_VERIFY);
return 1;
}
if (lw == IDC_SHOW_PIM && nCurPageNo == PIM_PAGE)
{
HandleShowPasswordFieldAction (hwndDlg, IDC_SHOW_PIM, IDC_PIM, 0);
return 1;
}
+ if (lw == IDC_CHECKLIST_A)
+ {
+ bChecklistA = GetCheckBox (hwndDlg, IDC_CHECKLIST_A);
+ bChecklistB = GetCheckBox (hwndDlg, IDC_CHECKLIST_B);
+ bChecklistC = GetCheckBox (hwndDlg, IDC_CHECKLIST_C);
+ }
+
+ if (lw == IDC_CHECKLIST_B)
+ {
+ bChecklistA = GetCheckBox (hwndDlg, IDC_CHECKLIST_A);
+ bChecklistB = GetCheckBox (hwndDlg, IDC_CHECKLIST_B);
+ bChecklistC = GetCheckBox (hwndDlg, IDC_CHECKLIST_C);
+ }
+
+ if (lw == IDC_CHECKLIST_C)
+ {
+ bChecklistA = GetCheckBox (hwndDlg, IDC_CHECKLIST_A);
+ bChecklistB = GetCheckBox (hwndDlg, IDC_CHECKLIST_B);
+ bChecklistC = GetCheckBox (hwndDlg, IDC_CHECKLIST_C);
+ }
+
+ if (lw == IDC_CHECKBOX_PRETEST)
+ {
+ bCheckboxPretest = GetCheckBox (hwndDlg, IDC_CHECKBOX_PRETEST);
+ }
+
if (lw == IDC_PIM_ENABLE)
{
PimEnable = GetCheckBox (hwndDlg, IDC_PIM_ENABLE);
if (!PimEnable)
volumePim = 0;
if (nCurPageNo == HIDDEN_VOL_HOST_PASSWORD_PAGE
|| nCurPageNo == NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE
)
{
ShowWindow (GetDlgItem( hwndDlg, IDC_PIM_ENABLE), PimEnable? SW_HIDE : SW_SHOW);
@@ -6043,28 +6258,61 @@ BOOL CALLBACK PageDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
if ( hw == EN_CHANGE )
{
GetDlgItemText (hwndDlg, IDC_RESCUE_DISK_ISO_PATH, szRescueDiskISO, sizeof(szRescueDiskISO));
EnableWindow (GetDlgItem (MainDlg, IDC_NEXT), (GetWindowTextLength (GetDlgItem (hwndDlg, IDC_RESCUE_DISK_ISO_PATH)) > 1));
return 1;
}
}
- if (nCurPageNo == SYSENC_RESCUE_DISK_BURN_PAGE && lw == IDC_DOWNLOAD_CD_BURN_SOFTWARE)
+ /* The password and rescue checkbox have to be clicked in order to enable the next button */
+ if ((nCurPageNo == SYSENC_WIPE_MODE_PAGE || nCurPageNo == NONSYS_INPLACE_ENC_WIPE_MODE_PAGE) &&
+ (lw == IDC_CHECKLIST_A || lw == IDC_CHECKLIST_B || lw == IDC_CHECKLIST_C))
{
- if (IsWindowsIsoBurnerAvailable())
- LaunchWindowsIsoBurner (hwndDlg, szRescueDiskISO);
- else
- Applink ("isoburning");
+ if (SysEncInEffect ())
+ {
+ if (bChecklistA && bChecklistB && bChecklistC)
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
+ else
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), FALSE);
+ }
+ }
- return 1;
+ if (lw == IDC_BROWSE && (nCurPageNo == SYSENC_WIPE_MODE_PAGE || nCurPageNo == NONSYS_INPLACE_ENC_WIPE_MODE_PAGE))
+ {
+ wchar_t tmpszRescueDiskISO [TC_MAX_PATH+1];
+
+ StringCbCopyW (tmpszRescueDiskISO, sizeof(tmpszRescueDiskISO), szRescueDiskISO);
+
+ //detects the last '\' in order to remove the name of the zip file and save file name
+ for (int i = wcslen(tmpszRescueDiskISO); i > 1; i--)
+ {
+ if (tmpszRescueDiskISO[i] == '\\')
+ {
+ for (int j = i + 1; i < wcslen(tmpszRescueDiskISO); i++)
+ tmpszRescueDiskISO[j] = '\0';
+ break;
+ }
+ }
+
+ if(!BrowseFile (hwndDlg, "RESCUE_DISK_PATH", tmpszRescueDiskISO))
+ return 1;
+
+ return 0;
+ }
+ if (nCurPageNo == SYSENC_PRETEST_RESULT_PAGE && lw == IDC_CHECKBOX_PRETEST)
+ {
+ if (bCheckboxPretest)
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), TRUE);
+ else
+ EnableWindow (GetDlgItem (GetParent (hwndDlg), IDC_NEXT), FALSE);
}
if ((nCurPageNo == SYSENC_WIPE_MODE_PAGE
|| nCurPageNo == NONSYS_INPLACE_ENC_WIPE_MODE_PAGE
|| nCurPageNo == DEVICE_WIPE_MODE_PAGE)
&& hw == CBN_SELCHANGE)
{
nWipeMode = (WipeAlgorithmId) SendMessage (GetDlgItem (hCurPage, IDC_WIPE_MODE),
CB_GETITEMDATA,
SendMessage (GetDlgItem (hCurPage, IDC_WIPE_MODE), CB_GETCURSEL, 0, 0),
@@ -6364,25 +6612,23 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
exit (1);
}
volTransformThreadFunction (hwndDlg);
exit (bOperationSuccess? 0 : 1);
}
SHGetFolderPath (NULL, CSIDL_MYDOCUMENTS, NULL, 0, szRescueDiskISO);
- if (bSystemIsGPT)
- StringCbCatW (szRescueDiskISO, sizeof(szRescueDiskISO), L"\\VeraCrypt Rescue Disk.zip");
- else
- StringCbCatW (szRescueDiskISO, sizeof(szRescueDiskISO), L"\\VeraCrypt Rescue Disk.iso");
+ StringCbCatW (szRescueDiskISO, sizeof(szRescueDiskISO), L"\\VeraCrypt Rescue Disk.zip");
+
if (IsOSAtLeast (WIN_VISTA))
{
// Availability of in-place encryption (which is pre-selected by default whenever
// possible) makes partition-hosted volume creation safer.
bWarnDeviceFormatAdvanced = FALSE;
}
#ifdef _DEBUG
// For faster testing
StringCchCopyA (szVerify, ARRAYSIZE(szVerify), "q");
@@ -6652,55 +6898,53 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
{
// Keyboard layout is not standard US
WipePasswordsAndKeyfiles (true);
SetPassword (hCurPage, IDC_PASSWORD, szRawPassword);
SetPassword (hCurPage, IDC_VERIFY, szVerify);
keybLayout = (DWORD) LoadKeyboardLayout (L"00000409", KLF_ACTIVATE);
+ // East Asian languages are not translated to US keyboard layout so we need to change keyboard layout
if (keybLayout != 0x00000409 && keybLayout != 0x04090409)
{
KillTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD);
Error ("CANT_CHANGE_KEYB_LAYOUT_FOR_SYS_ENCRYPTION", MainDlg);
EndMainDlg (MainDlg);
return 1;
}
-
+
bKeyboardLayoutChanged = TRUE;
-
wchar_t szTmp [4096];
StringCbCopyW (szTmp, sizeof(szTmp), GetString ("KEYB_LAYOUT_CHANGE_PREVENTED"));
StringCbCatW (szTmp, sizeof(szTmp), L"\n\n");
StringCbCatW (szTmp, sizeof(szTmp), GetString ("KEYB_LAYOUT_SYS_ENC_EXPLANATION"));
MessageBoxW (MainDlg, szTmp, lpszTitle, MB_ICONWARNING | MB_SETFOREGROUND | MB_TOPMOST);
- }
-
- /* Watch the right Alt key (which is used to enter various characters on non-US keyboards) */
- if (bKeyboardLayoutChanged && !bKeybLayoutAltKeyWarningShown)
- {
- if (GetAsyncKeyState (VK_RMENU) < 0)
+ if (bKeyboardLayoutChanged && !bKeybLayoutAltKeyWarningShown)
{
- bKeybLayoutAltKeyWarningShown = TRUE;
+ if (GetAsyncKeyState (VK_RMENU) < 0)
+ {
+ bKeybLayoutAltKeyWarningShown = TRUE;
- wchar_t szTmp [4096];
- StringCbCopyW (szTmp, sizeof(szTmp), GetString ("ALT_KEY_CHARS_NOT_FOR_SYS_ENCRYPTION"));
- StringCbCatW (szTmp, sizeof(szTmp), L"\n\n");
- StringCbCatW (szTmp, sizeof(szTmp), GetString ("KEYB_LAYOUT_SYS_ENC_EXPLANATION"));
- MessageBoxW (MainDlg, szTmp, lpszTitle, MB_ICONINFORMATION | MB_SETFOREGROUND | MB_TOPMOST);
+
+ wchar_t szTmp [4096];
+ StringCbCopyW (szTmp, sizeof(szTmp), GetString ("ALT_KEY_CHARS_NOT_FOR_SYS_ENCRYPTION"));
+ StringCbCatW (szTmp, sizeof(szTmp), L"\n\n");
+ StringCbCatW (szTmp, sizeof(szTmp), GetString ("KEYB_LAYOUT_SYS_ENC_EXPLANATION"));
+ MessageBoxW (MainDlg, szTmp, lpszTitle, MB_ICONINFORMATION | MB_SETFOREGROUND | MB_TOPMOST);
+ }
}
}
}
return 1;
-
case TIMER_ID_SYSENC_DRIVE_ANALYSIS_PROGRESS:
if (bSysEncDriveAnalysisInProgress)
{
UpdateProgressBarProc (GetTickCount() - SysEncDriveAnalysisStart);
if (GetTickCount() - SysEncDriveAnalysisStart > SYSENC_DRIVE_ANALYSIS_ETA)
{
// It's taking longer than expected -- reinit the progress bar
SysEncDriveAnalysisStart = GetTickCount ();
@@ -7007,21 +7251,34 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
EndMainDlg (hwndDlg);
return 1;
case WM_COMMAND:
if (lw == IDHELP)
{
- OpenPageHelp (hwndDlg, nCurPageNo);
+ if (nCurPageNo == SYSENC_RESCUE_DISK_CREATION_PAGE ||
+ nCurPageNo == SYSENC_RESCUE_DISK_BURN_PAGE ||
+ nCurPageNo == SYSENC_RESCUE_DISK_VERIFIED_PAGE)
+ {
+ Applink("rescue");
+ }
+ else if (nCurPageNo == PASSWORD_PAGE)
+ {
+ Applink("passwords");
+ }
+ else
+ {
+ OpenPageHelp(hwndDlg, nCurPageNo);
+ }
return 1;
}
else if (lw == IDCANCEL)
{
PostMessage (hwndDlg, TC_APPMSG_FORMAT_USER_QUIT, 0, 0);
return 1;
}
else if (lw == IDC_NEXT)
{
if (nCurPageNo == INTRO_PAGE)
@@ -7076,21 +7333,21 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
}
else if (nCurPageNo == SYSENC_TYPE_PAGE)
{
if (bHiddenOS)
{
bWholeSysDrive = FALSE;
bHiddenVolDirect = FALSE;
}
if (!bHiddenOS)
- nNewPageNo = SYSENC_SPAN_PAGE - 1; // Skip irrelevant pages
+ nNewPageNo = PASSWORD_PAGE - 1; // Skip irrelevant pages
}
else if (nCurPageNo == SYSENC_HIDDEN_OS_REQ_CHECK_PAGE)
{
WaitCursor ();
try
{
BootEncObj->CheckRequirementsHiddenOS ();
if (CheckGapBetweenSysAndHiddenOS ())
Warning ("GAP_BETWEEN_SYS_AND_HIDDEN_OS_PARTITION", MainDlg);
@@ -7620,38 +7877,43 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
return 1;
}
}
if (!(bHiddenVolDirect && bHiddenVolHost))
nNewPageNo = PASSWORD_PAGE - 1;
}
else if (nCurPageNo == PASSWORD_PAGE)
{
+ if (SysEncInEffect ())
+ {
+ wchar_t tmpPwd[MAX_PASSWORD + 1];
+ GetWindowText (GetDlgItem (hCurPage, IDC_PASSWORD), tmpPwd, iMaxPasswordLength + 1);
+ }
VerifyPasswordAndUpdate (hwndDlg, GetDlgItem (MainDlg, IDC_NEXT),
GetDlgItem (hCurPage, IDC_PASSWORD),
GetDlgItem (hCurPage, IDC_VERIFY),
volumePassword.Text,
szVerify,
KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect());
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
if (volumePassword.Length > 0)
{
// Password character encoding
if (SysEncInEffect () && !CheckPasswordCharEncoding (GetDlgItem (hCurPage, IDC_PASSWORD), NULL))
{
Error ("UNSUPPORTED_CHARS_IN_PWD", hwndDlg);
return 1;
}
- // Check password length (check also done for outer volume which is not the case in TrueCrypt).
+ // Check password length (check also done for outer volume which is not the case in TrueCrypt).
else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, 0, SysEncInEffect(), SysEncInEffect()? hash_algo : 0, FALSE, FALSE))
{
return 1;
}
}
// Store the password in case we need to restore it after keyfile is applied to it
if (!GetPassword (hCurPage, IDC_PASSWORD, szRawPassword, iMaxPasswordLength + 1, FALSE, TRUE))
return 1;
@@ -7676,58 +7938,87 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
KillTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD);
if (bKeyboardLayoutChanged)
{
// Restore the original keyboard layout
if (LoadKeyboardLayout (OrigKeyboardLayout, KLF_ACTIVATE | KLF_SUBSTITUTE_OK) == NULL)
Warning ("CANNOT_RESTORE_KEYBOARD_LAYOUT", hwndDlg);
else
bKeyboardLayoutChanged = FALSE;
}
-
}
if (!PimEnable)
{
// PIM not activated. Skip PIM page
nNewPageNo = PIM_PAGE;
volumePim = 0;
if (!CreatingHiddenSysVol() && bHiddenVol && !bHiddenVolHost)
{
if ( (volumePim == outerVolumePim)
&& (volumePassword.Length == outerVolumePassword.Length)
&& (0 == memcmp (volumePassword.Text, outerVolumePassword.Text, volumePassword.Length))
)
{
Warning ("HIDDEN_CREDS_SAME_AS_OUTER", hwndDlg);
return 1;
}
}
- if (SysEncInEffect ())
- {
- nNewPageNo = SYSENC_COLLECTING_RANDOM_DATA_PAGE - 1; // Skip irrelevant pages
- }
-
if (bInPlaceEncNonSys)
{
nNewPageNo = NONSYS_INPLACE_ENC_RAND_DATA_PAGE - 1; // Skip irrelevant pages
}
else if (WizardMode != WIZARD_MODE_SYS_DEVICE
&& !FileSize4GBLimitQuestionNeeded ()
|| CreatingHiddenSysVol()) // If we're creating a hidden volume for a hidden OS, we don't need to format it with any filesystem (the entire OS will be copied to the hidden volume sector by sector).
{
nNewPageNo = FORMAT_PAGE - 1; // Skip irrelevant pages
}
}
+
+
+ if (SysEncInEffect ())
+ {
+ if (PimEnable)
+ nNewPageNo = PIM_PAGE - 1;
+ else
+ {
+ nNewPageNo = SYSENC_RESCUE_DISK_CREATION_PAGE - 1; // Skip irrelevant pages
+
+ wchar_t tmp[RANDPOOL_DISPLAY_SIZE + 1];
+ if (!bInPlaceEncNonSys)
+ {
+ /* Generate master key and other related data (except the rescue disk) for system encryption. */
+ try
+ {
+ WaitCursor();
+ BootEncObj->PrepareInstallation(!bWholeSysDrive, volumePassword, nVolumeEA, FIRST_MODE_OF_OPERATION_ID, hash_algo, volumePim, L"");
+ }
+ catch (Exception &e)
+ {
+ e.Show(hwndDlg);
+ NormalCursor();
+ return 1;
+ }
+ }
+ KillTimer(hwndDlg, TIMER_ID_RANDVIEW);
+ // Attempt to wipe the GUI field showing portions of randpool
+ wmemset(tmp, L'X', ARRAYSIZE(tmp));
+ tmp[ARRAYSIZE(tmp) - 1] = 0;
+ SetWindowText(hRandPoolSys, tmp);
+ NormalCursor();
+ }
+
+ }
}
else if (nCurPageNo == PIM_PAGE)
{
volumePim = GetPim (hCurPage, IDC_PIM, 0);
if (!SysEncInEffect() && (volumePim > MAX_PIM_VALUE))
{
SetFocus (GetDlgItem(hCurPage, IDC_PIM));
Error ("PIM_TOO_BIG", hwndDlg);
@@ -7749,42 +8040,64 @@ BOOL CALLBACK MainDialogProc (HWND hwndDlg, UINT uMsg, WPARAM wParam, LPARAM lPa
if (volumePassword.Length > 0)
{
// Password character encoding
if (SysEncInEffect() && (volumePim > MAX_BOOT_PIM_VALUE))
{
SetFocus (GetDlgItem(hCurPage, IDC_PIM));
Error ("PIM_SYSENC_TOO_BIG", hwndDlg);
return 1;
}
// Check password length (check also done for outer volume which is not the case in TrueCrypt).
- else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, volumePim, SysEncInEffect(), SysEncInEffect()? hash_algo : 0, TRUE, FALSE))
+ else if (!CheckPasswordLength (hwndDlg, volumePassword.Length, volumePim, SysEncInEffect(), SysEncInEffect()? hash_algo : 0, FALSE, FALSE))
{
return 1;
}
}
- if (SysEncInEffect ())
- {
-
- nNewPageNo = SYSENC_COLLECTING_RANDOM_DATA_PAGE - 1; // Skip irrelevant pages
- }
-
if (bInPlaceEncNonSys)
{
nNewPageNo = NONSYS_INPLACE_ENC_RAND_DATA_PAGE - 1; // Skip irrelevant pages
}
else if (WizardMode != WIZARD_MODE_SYS_DEVICE
&& !FileSize4GBLimitQuestionNeeded ()
|| CreatingHiddenSysVol()) // If we're creating a hidden volume for a hidden OS, we don't need to format it with any filesystem (the entire OS will be copied to the hidden volume sector by sector).
{
nNewPageNo = FORMAT_PAGE - 1; // Skip irrelevant pages
}
+
+ if (SysEncInEffect ())
+ {
+ nNewPageNo = SYSENC_RESCUE_DISK_CREATION_PAGE - 1; // Skip irrelevant pages
+
+ wchar_t tmp[RANDPOOL_DISPLAY_SIZE + 1];
+ if (!bInPlaceEncNonSys)
+ {
+ /* Generate master key and other related data (except the rescue disk) for system encryption. */
+ try
+ {
+ WaitCursor();
+ BootEncObj->PrepareInstallation(!bWholeSysDrive, volumePassword, nVolumeEA, FIRST_MODE_OF_OPERATION_ID, hash_algo, volumePim, L"");
+ }
+ catch (Exception &e)
+ {
+ e.Show(hwndDlg);
+ NormalCursor();
+ return 1;
+ }
+ }
+ KillTimer(hwndDlg, TIMER_ID_RANDVIEW);
+ // Attempt to wipe the GUI field showing portions of randpool
+ wmemset(tmp, L'X', ARRAYSIZE(tmp));
+ tmp[ARRAYSIZE(tmp) - 1] = 0;
+ SetWindowText(hRandPoolSys, tmp);
+ NormalCursor();
+ }
}
else if (nCurPageNo == HIDDEN_VOL_HOST_PASSWORD_PAGE
|| nCurPageNo == NONSYS_INPLACE_ENC_RESUME_PASSWORD_PAGE)
{
WaitCursor ();
if (!GetPassword (hCurPage, IDC_PASSWORD_DIRECT, (char*) volumePassword.Text, iMaxPasswordLength + 1, FALSE, TRUE))
{
NormalCursor ();
@@ -8796,20 +9109,40 @@ ovf_end:
return 1;
}
else if (lw == IDC_PREV)
{
if (nCurPageNo == SYSENC_SPAN_PAGE)
{
// Skip irrelevant pages when going back
if (!bHiddenOS)
nNewPageNo = SYSENC_TYPE_PAGE + 1;
}
+
+ if (nCurPageNo == SYSENC_RESCUE_DISK_CREATION_PAGE)
+ {
+ if (SysEncInEffect ())
+ {
+ nNewPageNo = (PimEnable? PIM_PAGE : PASSWORD_PAGE) + 1;
+ }
+ }
+
+ if (nCurPageNo == SYSENC_RESCUE_DISK_BURN_PAGE)
+ {
+ nNewPageNo = SYSENC_RESCUE_DISK_BURN_PAGE + 1; // Stay on the same page
+ Warning("RESCUE_DISK_BACK_BUTTON", hwndDlg);
+ }
+
+ if (nCurPageNo == SYSENC_PRETEST_RESULT_PAGE)
+ {
+ nNewPageNo = SYSENC_PRETEST_RESULT_PAGE + 1; // Stay on the same page
+ }
+
if (nCurPageNo == SYSENC_MULTI_BOOT_MODE_PAGE)
{
// Skip the drive analysis page(s) or other irrelevant pages when going back
if (bHiddenOS)
nNewPageNo = SYSENC_HIDDEN_OS_REQ_CHECK_PAGE + 1;
else if (bWholeSysDrive)
nNewPageNo = SYSENC_PRE_DRIVE_ANALYSIS_PAGE + 1;
else
nNewPageNo = SYSENC_SPAN_PAGE + 1;
}
@@ -8921,21 +9254,24 @@ ovf_end:
szVerify,
KeyFilesEnable && FirstKeyFile!=NULL && !SysEncInEffect ());
volumePassword.Length = (unsigned __int32) strlen ((char *) volumePassword.Text);
nNewPageNo = SIZE_PAGE + 1; // Skip the hidden volume host password page
if (SysEncInEffect ())
{
- nNewPageNo = CIPHER_PAGE + 1; // Skip irrelevant pages
+ if (!bHiddenOS)
+ nNewPageNo = SYSENC_TYPE_PAGE + 1; // Skip irrelevant pages
+ else
+ nNewPageNo = CIPHER_PAGE + 1; // Skip irrelevant pages
KillTimer (hwndDlg, TIMER_ID_KEYB_LAYOUT_GUARD);
if (bKeyboardLayoutChanged)
{
// Restore the original keyboard layout
if (LoadKeyboardLayout (OrigKeyboardLayout, KLF_ACTIVATE | KLF_SUBSTITUTE_OK) == NULL)
Warning ("CANNOT_RESTORE_KEYBOARD_LAYOUT", hwndDlg);
else
bKeyboardLayoutChanged = FALSE;
@@ -10624,10 +10960,519 @@ static DWORD GetFormatSectorSize ()
DISK_GEOMETRY_EX geometry;
if (!GetDriveGeometry (szDiskFile, &geometry))
{
handleWin32Error (MainDlg, SRC_POS);
AbortProcessSilent();
}
return geometry.Geometry.BytesPerSector;
}
+
+/* This function is called when advanced dialog in intro page is open */
+BOOL CALLBACK AdvanceDlgProcIntro (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
+{
+ WORD lw = LOWORD(wParam);
+
+ switch (msg)
+ {
+ case WM_INITDIALOG:
+
+ bHiddenVolHost = bHiddenVol = bHiddenOS;
+
+ SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_HIDDEN), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
+ SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_NORMAL), WM_SETFONT, (WPARAM) hUserBoldFont, (LPARAM) TRUE);
+
+ CheckButton (GetDlgItem (hwndDlg, bHiddenOS ? IDC_SYSENC_HIDDEN : IDC_SYSENC_NORMAL));
+
+ return 1;
+ case WM_COMMAND:
+ {
+ if (lw == IDCANCEL)
+ {
+ EndDialog(hwndDlg, lw);
+ return 1;
+ }
+
+ if(lw == IDOK)
+ {
+ if (bHiddenOS)
+ {
+ bWholeSysDrive = FALSE;
+ bHiddenVolDirect = FALSE;
+ }
+ EndDialog(hwndDlg, lw);
+ return 1;
+ }
+
+ if (lw == IDC_SYSENC_HIDDEN)
+ {
+ SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_NORMAL), BM_SETCHECK, BST_UNCHECKED, 0);
+
+ bHiddenOS = TRUE;
+ bHiddenVol = TRUE;
+ bHiddenVolHost = TRUE;
+ return 1;
+ }
+
+ if (lw == IDC_SYSENC_NORMAL)
+ {
+ SendMessage (GetDlgItem (hwndDlg, IDC_SYSENC_HIDDEN), BM_SETCHECK, BST_UNCHECKED, 0);
+
+ bHiddenOS = FALSE;
+ bHiddenVol = FALSE;
+ bHiddenVolHost = FALSE;
+ return 1;
+ }
+
+ if(lw == IDHELP)
+ {
+ Applink ("hiddensysenc");
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
+/* AES, HASH, Pim and Wipe mode can be selected here */
+BOOL CALLBACK AdvanceDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam)
+{
+ WORD lw = LOWORD(wParam);
+ WORD hw = HIWORD(wParam);
+ int ea, hid;
+ wchar_t buf[100];
+ BOOL bNTFSallowed = FALSE;
+ BOOL bFATallowed = FALSE;
+ BOOL bEXFATallowed = FALSE;
+ BOOL bReFSallowed = FALSE;
+ BOOL bNoFSallowed = FALSE;
+ hCurPage = hwndDlg;
+
+ switch (msg)
+ {
+ case WM_INITDIALOG:
+ {
+ SetWindowTextW ( GetDlgItem (hwndDlg, IDT_IMPORTANT_NOTE), GetString ("ADV_FEATURES_NOTE"));
+ SetWindowTextW ( GetDlgItem (hwndDlg, IDT_PIM_INFO), GetString ("PIM_INFO"));
+ SetWindowTextW ( GetDlgItem (hwndDlg, IDT_WIPE_INFO), GetString ("WIPE_INFO"));
+
+ /* Encryption algorithms */
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_COMBO_BOX), CB_RESETCONTENT, 0, 0);
+
+ for (ea = EAGetFirst (); ea != 0; ea = EAGetNext (ea))
+ {
+ if (EAIsFormatEnabled (ea) && (!SysEncInEffect () || bSystemIsGPT || EAIsMbrSysEncEnabled (ea)))
+ AddComboPair (GetDlgItem (hwndDlg, IDC_COMBO_BOX), EAGetName (buf, ARRAYSIZE(buf), ea, 1), ea);
+ }
+
+ SelectAlgo (GetDlgItem (hwndDlg, IDC_COMBO_BOX), &nVolumeEA);
+ ComboSelChangeEA (hwndDlg);
+ SetFocus (GetDlgItem (hwndDlg, IDC_COMBO_BOX));
+
+ /* Hash algorithms */
+ if (SysEncInEffect())
+ {
+ RandSetHashFunction(hash_algo);
+ for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
+ {
+ // Use blake2s for hashing
+ if (((hid == BLAKE2S) || !HashIsDeprecated(hid)) && (bSystemIsGPT || HashForSystemEncryption(hid)))
+ AddComboPair(GetDlgItem(hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
+ }
+ }
+ else
+ {
+ hash_algo = RandGetHashFunction();
+ for (hid = FIRST_PRF_ID; hid <= LAST_PRF_ID; hid++)
+ {
+ if (!HashIsDeprecated(hid))
+ AddComboPair(GetDlgItem(hwndDlg, IDC_COMBO_BOX_HASH_ALGO), HashGetName(hid), hid);
+ }
+ }
+
+ if (CreatingHiddenSysVol())
+ Warning ("HIDDEN_OS_PRE_CIPHER_WARNING", MainDlg);
+
+ SetWindowText(GetDlgItem(hwndDlg, IDC_SHA512_HELP), GetString("SHA512_HELP"));
+ SelectAlgo(GetDlgItem(hwndDlg, IDC_COMBO_BOX_HASH_ALGO), &hash_algo);
+
+ /* file system options */
+ SetTimer(GetParent(hwndDlg), TIMER_ID_RANDVIEW, TIMER_INTERVAL_RANDVIEW, NULL);
+
+ hMasterKey = GetDlgItem(hwndDlg, IDC_DISK_KEY);
+ hHeaderKey = GetDlgItem(hwndDlg, IDC_HEADER_KEY);
+ hRandPool = GetDlgItem(hwndDlg, IDC_RANDOM_BYTES);
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_RANDOM_BYTES), WM_SETFONT, (WPARAM)hFixedDigitFont, (LPARAM)TRUE);
+ SendMessage(GetDlgItem(hwndDlg, IDC_DISK_KEY), WM_SETFONT, (WPARAM)hFixedDigitFont, (LPARAM)TRUE);
+ SendMessage(GetDlgItem(hwndDlg, IDC_HEADER_KEY), WM_SETFONT, (WPARAM)hFixedDigitFont, (LPARAM)TRUE);
+
+ /* Quick/Dynamic */
+
+ if (bHiddenVol)
+ {
+ quickFormat = !bHiddenVolHost;
+ dynamicFormat = FALSE;
+ bSparseFileSwitch = FALSE;
+ }
+ else
+ {
+ if (bDevice)
+ {
+ dynamicFormat = FALSE;
+ bSparseFileSwitch = FALSE;
+ }
+ else
+ {
+ wchar_t root[TC_MAX_PATH];
+ DWORD fileSystemFlags = 0;
+
+ /* Check if the host file system supports sparse files */
+
+ if (GetVolumePathName (szFileName, root, array_capacity (root)))
+ {
+ GetVolumeInformation (root, NULL, 0, NULL, NULL, &fileSystemFlags, NULL, 0);
+ bSparseFileSwitch = fileSystemFlags & FILE_SUPPORTS_SPARSE_FILES;
+ }
+ else
+ bSparseFileSwitch = FALSE;
+ if (!bSparseFileSwitch)
+ {
+ dynamicFormat = FALSE;
+ }
+ }
+ }
+ SendMessage (GetDlgItem (hwndDlg, IDC_SHOW_KEYS), BM_SETCHECK, showKeys ? BST_CHECKED : BST_UNCHECKED, 0);
+ SetWindowText (GetDlgItem (hwndDlg, IDC_RANDOM_BYTES), showKeys ? L"" : L"******************************** ");
+ SetWindowText (GetDlgItem (hwndDlg, IDC_HEADER_KEY), showKeys ? L"" : L"******************************** ");
+ SetWindowText (GetDlgItem (hwndDlg, IDC_DISK_KEY), showKeys ? L"" : L"******************************** ");
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_CLUSTERSIZE), CB_RESETCONTENT, 0, 0);
+ AddComboPairW(GetDlgItem(hwndDlg, IDC_CLUSTERSIZE), GetString("DEFAULT"), 0);
+ SendMessage(GetDlgItem(hwndDlg, IDC_CLUSTERSIZE), CB_SETCURSEL, 0, 0);
+ EnableWindow(GetDlgItem(hwndDlg, IDC_CLUSTERSIZE), TRUE);
+
+ /* Filesystems */
+ bNTFSallowed = FALSE;
+ bFATallowed = FALSE;
+ bEXFATallowed = FALSE;
+ bReFSallowed = FALSE;
+ bNoFSallowed = FALSE;
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_FILESYS), CB_RESETCONTENT, 0, 0);
+ EnableWindow(GetDlgItem(hwndDlg, IDC_FILESYS), TRUE);
+
+ uint64 dataAreaSize = GetVolumeDataAreaSize (bHiddenVol && !bHiddenVolHost, nVolumeSize);
+
+ if (!CreatingHiddenSysVol())
+ {
+ if (dataAreaSize >= TC_MIN_NTFS_FS_SIZE && dataAreaSize <= TC_MAX_NTFS_FS_SIZE)
+ {
+ AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"NTFS", FILESYS_NTFS);
+ bNTFSallowed = TRUE;
+ }
+
+ if (dataAreaSize >= TC_MIN_FAT_FS_SIZE && dataAreaSize <= TC_MAX_FAT_SECTOR_COUNT * GetFormatSectorSize())
+ {
+ AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"FAT", FILESYS_FAT);
+ bFATallowed = TRUE;
+ }
+
+ //exFAT support added starting from Vista SP1
+ if (IsOSVersionAtLeast (WIN_VISTA, 1) && dataAreaSize >= TC_MIN_EXFAT_FS_SIZE && dataAreaSize <= TC_MAX_EXFAT_FS_SIZE)
+ {
+ AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"exFAT", FILESYS_EXFAT);
+ bEXFATallowed = TRUE;
+ }
+
+ //ReFS write support activated by default starting from Windows 10
+ //We don't support it yet for the creation of hidden volumes
+ if ((!bHiddenVolHost) && IsOSVersionAtLeast (WIN_10, 0) && dataAreaSize >= TC_MIN_REFS_FS_SIZE && dataAreaSize <= TC_MAX_REFS_FS_SIZE)
+ {
+ AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"ReFS", FILESYS_REFS);
+ bReFSallowed = TRUE;
+ }
+ }
+ else
+ {
+ // We're creating a hidden volume for a hidden OS, so we don't need to format it with
+ // any filesystem (the entire OS will be copied to the hidden volume sector by sector).
+ EnableWindow (GetDlgItem (hwndDlg, IDC_FILESYS), FALSE);
+ EnableWindow (GetDlgItem (hwndDlg, IDC_CLUSTERSIZE), FALSE);
+ }
+ if (!bHiddenVolHost)
+ {
+ AddComboPairW(GetDlgItem(hwndDlg, IDC_FILESYS), GetString("NONE"), FILESYS_NONE);
+ bNoFSallowed = TRUE;
+ }
+ if (fileSystem == FILESYS_NONE) // If no file system has been previously selected
+ {
+ // Set default file system
+
+ if (bFATallowed && !(nNeedToStoreFilesOver4GB == 1 && (bNTFSallowed || bEXFATallowed || bReFSallowed)))
+ fileSystem = FILESYS_FAT;
+ else if (bEXFATallowed)
+ fileSystem = FILESYS_EXFAT;
+ else if (bNTFSallowed)
+ fileSystem = FILESYS_NTFS;
+ else if (bReFSallowed)
+ fileSystem = FILESYS_REFS;
+ else if (bNoFSallowed)
+ fileSystem = FILESYS_NONE;
+ else
+ {
+ AddComboPair (GetDlgItem (hwndDlg, IDC_FILESYS), L"---", 0);
+ }
+ }
+
+ SendMessage(GetDlgItem(hwndDlg, IDC_FILESYS), CB_SETCURSEL, 0, 0);
+ SelectAlgo(GetDlgItem(hwndDlg, IDC_FILESYS), (int *)&fileSystem);
+
+ /* PIM and Wipe mode */
+ SetCheckBox(hwndDlg, IDC_PIM_ENABLE, PimEnable);
+
+ PopulateWipeModeCombo(GetDlgItem(hwndDlg, IDC_WIPE_MODE),
+ SystemEncryptionStatus == SYSENC_STATUS_DECRYPTING && !bInPlaceEncNonSys,
+ TRUE,
+ FALSE);
+ SelectAlgo(GetDlgItem(hwndDlg, IDC_WIPE_MODE), (int *)&nWipeMode);
+ SetFocus(GetDlgItem(GetParent(hwndDlg), IDOK));
+ }
+ return 1;
+ case WM_COMMAND:
+ if (lw == IDCANCEL)
+ {
+ EndDialog(hwndDlg, lw);
+ return 1;
+ }
+ if (lw == IDOK)
+ {
+ /* Save hash and encryption algo */
+ LPARAM nIndex;
+ nIndex = SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0);
+ nVolumeEA = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0);
+
+ if (!bSystemIsGPT && SysEncInEffect ()
+ && EAGetCipherCount (nVolumeEA) > 1) // Cascade?
+ {
+ if (AskWarnNoYes ("CONFIRM_CASCADE_FOR_SYS_ENCRYPTION", hwndDlg) == IDNO)
+ return 1;
+
+ if (!bHiddenOS)
+ Info ("NOTE_CASCADE_FOR_SYS_ENCRYPTION", hwndDlg);
+ }
+
+ nIndex = SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX_HASH_ALGO), CB_GETCURSEL, 0, 0);
+ hash_algo = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX_HASH_ALGO), CB_GETITEMDATA, nIndex, 0);
+
+ RandSetHashFunction (hash_algo);
+
+ /* Save PIM and Wipe mode */
+ nWipeMode = (WipeAlgorithmId)SendMessage(GetDlgItem(hwndDlg, IDC_WIPE_MODE),
+ CB_GETITEMDATA,
+ SendMessage(GetDlgItem(hwndDlg, IDC_WIPE_MODE), CB_GETCURSEL, 0, 0),
+ 0);
+
+ PimEnable = GetCheckBox(hwndDlg, IDC_PIM_ENABLE);
+ SetCheckBox(hwndDlg, IDC_PIM_ENABLE, PimEnable);
+
+ EndDialog(hwndDlg, lw);
+ return 1;
+ }
+ if (lw == IDC_CIPHER_TEST)
+ {
+ LPARAM nIndex;
+ int c;
+
+ nIndex = SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETCURSEL, 0, 0);
+ nVolumeEA = (int) SendMessage (GetDlgItem (hCurPage, IDC_COMBO_BOX), CB_GETITEMDATA, nIndex, 0);
+
+ for (c = EAGetLastCipher (nVolumeEA); c != 0; c = EAGetPreviousCipher (nVolumeEA, c))
+ {
+ DialogBoxParamW (hInst, MAKEINTRESOURCEW (IDD_CIPHER_TEST_DLG),
+ GetParent (hwndDlg), (DLGPROC) CipherTestDialogProc, (LPARAM) c);
+ }
+
+ return 1;
+ }
+
+ if (lw == IDC_BENCHMARK)
+ {
+ // Reduce CPU load
+ bFastPollEnabled = FALSE;
+ bRandmixEnabled = FALSE;
+
+ DialogBoxParamW (hInst,
+ MAKEINTRESOURCEW (IDD_BENCHMARK_DLG), hwndDlg,
+ (DLGPROC) BenchmarkDlgProc, (LPARAM) bSystemIsGPT);
+
+ bFastPollEnabled = TRUE;
+ bRandmixEnabled = TRUE;
+ return 1;
+ }
+
+ if (lw == IDC_WIPE_MODE && hw == CBN_SELCHANGE)
+ {
+ Warning ("WIPE_WARNING", hwndDlg);
+ return 1;
+ }
+
+ if (hw == CBN_SELCHANGE && lw == IDC_COMBO_BOX)
+ {
+ ComboSelChangeEA (hwndDlg);
+ SetWindowTextW (GetDlgItem (hCurPage, IDC_BENCHMARK), GetString ("IDC_BENCHMARK"));
+ return 1;
+ }
+
+ if (hw == CBN_SELCHANGE && lw == IDC_COMBO_BOX_HASH_ALGO)
+ {
+ ShowWindow (GetDlgItem (hwndDlg, IDT_HASH_ALGO), SW_SHOW);
+ if (SysEncInEffect())
+ {
+ HWND hHashAlgoItem = GetDlgItem (hCurPage, IDC_COMBO_BOX_HASH_ALGO);
+ int selectedAlgo = (int)SendMessage (hHashAlgoItem, CB_GETITEMDATA, SendMessage (hHashAlgoItem, CB_GETCURSEL, 0, 0), 0);
+
+ if (!bSystemIsGPT && !HashForSystemEncryption (selectedAlgo))
+ {
+ hash_algo = DEFAULT_HASH_ALGORITHM_BOOT;
+ RandSetHashFunction (DEFAULT_HASH_ALGORITHM_BOOT);
+ Info ("ALGO_NOT_SUPPORTED_FOR_SYS_ENCRYPTION", MainDlg);
+ SelectAlgo (GetDlgItem (hCurPage, IDC_COMBO_BOX_HASH_ALGO), &hash_algo);
+ }
+ }
+ return 1;
+ }
+
+ if (lw == IDC_PIM_ENABLE)
+ {
+ PimEnable = GetCheckBox (hwndDlg, IDC_PIM_ENABLE);
+ if (!PimEnable)
+ volumePim = 0;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+void
+AddComboPairW (HWND hComboBox, const wchar_t *lpszItem, int value)
+{
+ LPARAM nIndex;
+ nIndex = SendMessageW(hComboBox, CB_ADDSTRING, 0, (LPARAM)lpszItem);
+ nIndex = SendMessage(hComboBox, CB_SETITEMDATA, nIndex, (LPARAM)value);
+}
+
+/* Acording to NIST, only a blacklist check and at least 8 character should be compulsary, no special character check... */
+int PrintStrongness (char input[], unsigned int length)
+{
+ unsigned int n = length;
+ int iReturnValue = 0;
+ if (n < 10)
+ {
+ burn (input, sizeof(input));
+ return iReturnValue = weak;
+ }
+ else if (CheckWord(input))
+ {
+ burn (input, sizeof(input));
+ return iReturnValue = weak;
+ }
+ //Tetermine the strength of the passsord
+ if ((n >= 13))
+ {
+ iReturnValue = very_strong;
+ }
+ //if 3 out of 4 paramters are true
+ else if (n >= 10)
+ {
+ iReturnValue = strong;
+ }
+ //if 2 out of 4 values are true
+ else if (n >= 8)
+ {
+ iReturnValue = medium;
+ }
+ else
+ {
+ iReturnValue = weak;
+ }
+ burn (input, sizeof(input));
+ return iReturnValue;
+}
+
+/* Check if password is in list
+Credits go Martin York from https://codereview.stackexchange.com/questions/52702/how-to-search-for-a-word-in-a-sorted-text-file-efficiently */
+BOOL CheckWord (char* search)
+{
+
+ bool isWordInDict(std::string const& word);
+ {
+ struct MyDict : std::set<std::string>
+ {
+ typedef std::set<std::string>::const_iterator const_iterator;
+ MyDict()
+ {
+ wchar_t path[TC_MAX_PATH];
+ wchar_t tmp[TC_MAX_PATH];
+ wchar_t destFileName[TC_MAX_PATH] = L"password1000000.txt";
+
+ if (GetModuleFileName (NULL, path, ARRAYSIZE (path)) == 0)
+ {
+ Error ("ERROR_GETTING_PATH", MainDlg);
+ }
+
+ StringCbCopyW(tmp, ARRAYSIZE(tmp), path);
+
+ //detects the last '\' in order to remove the name of the exe file. Afterwards add .txt file in the path
+ for (int i = wcslen(path); i > 1; i--)
+ {
+ if (tmp[i] == '\\')
+ {
+ for(unsigned int j = i + 1; j < wcslen(path); j++)
+ {
+ tmp[j] = '\0';
+ }
+ break;
+ }
+ }
+ StringCbCatW(tmp, sizeof(tmp), destFileName);
+
+ std::ifstream fin(tmp);
+ std::copy(std::istream_iterator<std::string>(fin), std::istream_iterator<std::string>(),
+ std::inserter(*this, end()));
+ }
+ };
+ static const MyDict dict;
+ MyDict::const_iterator find = dict.find(search);
+
+ return find != dict.end();
+ }
+}
+
+/* Credits go to Barmak Shemirani from https://stackoverflow.com/questions/31407492/c-tooltip-function-for-checkbox */
+void CreateToolTip(HWND hWndParent, HWND hControlItem, PTSTR pszText)
+{
+ if (!hControlItem || !hWndParent || !pszText)
+ return;
+
+ HWND hwndTip = CreateWindowEx(NULL, TOOLTIPS_CLASS, NULL,
+ WS_POPUP | TTS_NOFADE | TTS_ALWAYSTIP /*| TTS_BALLOON*/,
+ CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT, CW_USEDEFAULT,
+ hWndParent, NULL, GetModuleHandle(NULL), NULL);
+
+ if (!hwndTip)
+ return;
+
+ TOOLINFO toolInfo = { 0 };
+ toolInfo.cbSize = sizeof(toolInfo);
+ toolInfo.hwnd = hWndParent;
+ toolInfo.uFlags = TTF_IDISHWND | TTF_SUBCLASS;
+ toolInfo.uId = (UINT_PTR)hControlItem;
+ toolInfo.lpszText = pszText;
+ GetClientRect(hWndParent, &toolInfo.rect);
+ if (!SendMessage(hwndTip, TTM_ADDTOOL, 0, (LPARAM)&toolInfo))
+ {
+ MessageBox(0, TEXT("TTM_ADDTOOL failed\nWrong project manifest!"), 0, 0);
+ }
+}
diff --git a/src/Format/Tcformat.h b/src/Format/Tcformat.h
index f9328afd..a8237521 100644
--- a/src/Format/Tcformat.h
+++ b/src/Format/Tcformat.h
@@ -97,13 +97,21 @@ extern volatile BOOL bInPlaceDecNonSys;
extern __int64 NonSysInplaceEncBytesDone;
extern __int64 NonSysInplaceEncTotalSize;
extern int nPbar;
extern volatile int WizardMode;
extern volatile BOOL bInPlaceEncNonSysResumed;
extern wchar_t HeaderKeyGUIView [KEY_GUI_VIEW_SIZE];
extern wchar_t MasterKeyGUIView [KEY_GUI_VIEW_SIZE];
extern volatile int NonSysInplaceEncStatus;
+BOOL CALLBACK AdvanceDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
+BOOL CALLBACK FinishDlgProc (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
+void AddComboPairW (HWND hComboBox, const wchar_t *lpszItem, int value);
+int PrintStrongness (char* input, unsigned int length);
+BOOL CheckWord (char search[]);
+BOOL CALLBACK AdvanceDlgProcIntro (HWND hwndDlg, UINT msg, WPARAM wParam, LPARAM lParam);
+void CreateToolTip (HWND hWndParent, HWND hControlItem, PTSTR pszText);
+
#ifdef __cplusplus
}
#endif
diff --git a/src/Release/Setup Files/Product64.wxs b/src/Release/Setup Files/Product64.wxs
index e20fd1dc..2f43edd1 100644
--- a/src/Release/Setup Files/Product64.wxs
+++ b/src/Release/Setup Files/Product64.wxs
@@ -860,23 +860,20 @@
</Component>
<Component Id="cmpB313B00E647A121B2CBE47F3048A18A7" Guid="{5985576D-6F6C-4D96-9B3E-9E0961CF9FAF}">
<File Id="fil2EB5F87C05CCC55D3964D595C85EF19E" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Release Notes.html" DiskId="1" />
</Component>
<Component Id="cmp400428F6494DE58618E3B92539548C39" Guid="{0A1869ED-25F1-4430-97A5-4C6EA8CDA7FC}">
<File Id="filEDEDEF956F04F36B4163989F9AB9285F" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Removable Medium Volume.html" DiskId="1" />
</Component>
<Component Id="cmpFB2313AB16EF2467366ED136C0E61CE6" Guid="{CFEC9559-9F85-46C6-9E98-AEBB573B96FE}">
<File Id="filE496203C4727FDF47F8352CB9722A8C7" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Removing Encryption.html" DiskId="1" />
</Component>
- <Component Id="cmp960F36632D3FB602421D1195E4EB6FE1" Guid="{321F49A5-8A1B-4881-A32D-12EDA99D1B85}">
- <File Id="fil324009D5856BF4C5270D40F1EC4110EB" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\RIPEMD-160.html" DiskId="1" />
- </Component>
<Component Id="cmpB4C7B1A7A3EC0CB2DE805AC5CC5FC0D7" Guid="{4534E8B2-114E-4173-AE3E-75E0D96EB573}">
<File Id="fil8CFD1CFDCBE261B6F91D9E587F8720C0" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Security Model.html" DiskId="1" />
</Component>
<Component Id="cmp00540BF93A805E0B9996945B61E1BC2F" Guid="{1D5B7A85-87F3-45AF-9C09-BA7E088A835D}">
<File Id="filA7A29851126AC571C090BB0FBEE83CB5" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Security Requirements and Precautions.html" DiskId="1" />
</Component>
<Component Id="cmp4C46C6668AD830D543AFE593D51676B3" Guid="{4CD21E9D-243F-4A58-A535-AA8EF9D2BFD1}">
<File Id="fil440C5158A3CD96689918C976DC917325" KeyPath="yes" Source="$(sys.CURRENTDIR)\docs\html\en\Security Requirements for Hidden Volumes.html" DiskId="1" />
</Component>
<Component Id="cmp6EE914124966E3A0F695359116413DD4" Guid="{724FA79D-49BC-4075-ABF4-0C318AE39855}">
@@ -1376,21 +1373,20 @@
<ComponentRef Id="cmpF36A771DF9B1C4CD8E82C08A6D3D0786" />
<ComponentRef Id="cmp63F6A68C5538B45661168554BC3B93D1" />
<ComponentRef Id="cmp0158A6D8BED6391AC7150B6C6AE2A9F9" />
<ComponentRef Id="cmpDE45667E9E3CD9F800EAC1E02B57AAB7" />
<ComponentRef Id="cmp632453049391BAACDD117A40EC442743" />
<ComponentRef Id="cmpCE16E453CAD75A461B4FEBF451A51B7B" />
<ComponentRef Id="cmpC741D187A28A87BD33866C9AC09A1298" />
<ComponentRef Id="cmpB313B00E647A121B2CBE47F3048A18A7" />
<ComponentRef Id="cmp400428F6494DE58618E3B92539548C39" />
<ComponentRef Id="cmpFB2313AB16EF2467366ED136C0E61CE6" />
- <ComponentRef Id="cmp960F36632D3FB602421D1195E4EB6FE1" />
<ComponentRef Id="cmpB4C7B1A7A3EC0CB2DE805AC5CC5FC0D7" />
<ComponentRef Id="cmp00540BF93A805E0B9996945B61E1BC2F" />
<ComponentRef Id="cmp4C46C6668AD830D543AFE593D51676B3" />
<ComponentRef Id="cmp6EE914124966E3A0F695359116413DD4" />
<ComponentRef Id="cmp28E29B4CA17AB51913B756CD9397EEFE" />
<ComponentRef Id="cmp5DF24509F284FABC600232197F803DE5" />
<ComponentRef Id="cmp09E31B885345FBEA1F473AF7A10FD88D" />
<ComponentRef Id="cmpAE05C79A35A43ECCAC995A711DC4D60B" />
<ComponentRef Id="cmpB6D91209A93313D08150643F1738DED8" />
<ComponentRef Id="cmpDB66E821EC13977824FB1069DF5DAA69" />
@@ -1699,11 +1695,11 @@
<!-- Set the ARP -->
<Custom Action="SetARPINSTALLLOCATION" After="InstallValidate"></Custom>
<!-- ScheduleReboot only after DoChecks, which sets ISREBOOTREQUIRED -->
<ScheduleReboot After="DoChecks">ISREBOOTREQUIRED = "1"</ScheduleReboot>
</InstallExecuteSequence>
</Product>
-</Wix> \ No newline at end of file
+</Wix>
diff --git a/src/Release/Setup Files/password1000000.txt b/src/Release/Setup Files/password1000000.txt
new file mode 100644
index 00000000..e6e50bf5
--- /dev/null
+++ b/src/Release/Setup Files/password1000000.txt
@@ -0,0 +1,999999 @@
+123456
+password
+12345678
+qwerty
+123456789
+12345
+1234
+111111
+1234567
+dragon
+123123
+baseball
+abc123
+football
+monkey
+letmein
+696969
+shadow
+master
+666666
+qwertyuiop
+123321
+mustang
+1234567890
+michael
+654321
+pussy
+superman
+1qaz2wsx
+7777777
+fuckyou
+121212
+000000
+qazwsx
+123qwe
+killer
+trustno1
+jordan
+jennifer
+zxcvbnm
+asdfgh
+hunter
+buster
+soccer
+harley
+batman
+andrew
+tigger
+sunshine
+iloveyou
+fuckme
+2000
+charlie
+robert
+thomas
+hockey
+ranger
+daniel
+starwars
+klaster
+112233
+george
+asshole
+computer
+michelle
+jessica
+pepper
+1111
+zxcvbn
+555555
+11111111
+131313
+freedom
+777777
+pass
+fuck
+maggie
+159753
+aaaaaa
+ginger
+princess
+joshua
+cheese
+amanda
+summer
+love
+ashley
+6969
+nicole
+chelsea
+biteme
+matthew
+access
+yankees
+987654321
+dallas
+austin
+thunder
+taylor
+matrix
+william
+corvette
+hello
+martin
+heather
+secret
+fucker
+merlin
+diamond
+1234qwer
+gfhjkm
+hammer
+silver
+222222
+88888888
+anthony
+justin
+test
+bailey
+q1w2e3r4t5
+patrick
+internet
+scooter
+orange
+11111
+golfer
+cookie
+richard
+samantha
+bigdog
+guitar
+jackson
+whatever
+mickey
+chicken
+sparky
+snoopy
+maverick
+phoenix
+camaro
+sexy
+peanut
+morgan
+welcome
+falcon
+cowboy
+ferrari
+samsung
+andrea
+smokey
+steelers
+joseph
+mercedes
+dakota
+arsenal
+eagles
+melissa
+boomer
+booboo
+spider
+nascar
+monster
+tigers
+yellow
+xxxxxx
+123123123
+gateway
+marina
+diablo
+bulldog
+qwer1234
+compaq
+purple
+hardcore
+banana
+junior
+hannah
+123654
+porsche
+lakers
+iceman
+money
+cowboys
+987654
+london
+tennis
+999999
+ncc1701
+coffee
+scooby
+0000
+miller
+boston
+q1w2e3r4
+fuckoff
+brandon
+yamaha
+chester
+mother
+forever
+johnny
+edward
+333333
+oliver
+redsox
+player
+nikita
+knight
+fender
+barney
+midnight
+please
+brandy
+chicago
+badboy
+iwantu
+slayer
+rangers
+charles
+angel
+flower
+bigdaddy
+rabbit
+wizard
+bigdick
+jasper
+enter
+rachel
+chris
+steven
+winner
+adidas
+victoria
+natasha
+1q2w3e4r
+jasmine
+winter
+prince
+panties
+marine
+ghbdtn
+fishing
+cocacola
+casper
+james
+232323
+raiders
+888888
+marlboro
+gandalf
+asdfasdf
+crystal
+87654321
+12344321
+sexsex
+golden
+blowme
+bigtits
+8675309
+panther
+lauren
+angela
+bitch
+spanky
+thx1138
+angels
+madison
+winston
+shannon
+mike
+toyota
+blowjob
+jordan23
+canada
+sophie
+Password
+apples
+dick
+tiger
+razz
+123abc
+pokemon
+qazxsw
+55555
+qwaszx
+muffin
+johnson
+murphy
+cooper
+jonathan
+liverpoo
+david
+danielle
+159357
+jackie
+1990
+123456a
+789456
+turtle
+horny
+abcd1234
+scorpion
+qazwsxedc
+101010
+butter
+carlos
+password1
+dennis
+slipknot
+qwerty123
+booger
+asdf
+1991
+black
+startrek
+12341234
+cameron
+newyork
+rainbow
+nathan
+john
+1992
+rocket
+viking
+redskins
+butthead
+asdfghjkl
+1212
+sierra
+peaches
+gemini
+doctor
+wilson
+sandra
+helpme
+qwertyui
+victor
+florida
+dolphin
+pookie
+captain
+tucker
+blue
+liverpool
+theman
+bandit
+dolphins
+maddog
+packers
+jaguar
+lovers
+nicholas
+united
+tiffany
+maxwell
+zzzzzz
+nirvana
+jeremy
+suckit
+stupid
+porn
+monica
+elephant
+giants
+jackass
+hotdog
+rosebud
+success
+debbie
+mountain
+444444
+xxxxxxxx
+warrior
+1q2w3e4r5t
+q1w2e3
+123456q
+albert
+metallic
+lucky
+azerty
+7777
+shithead
+alex
+bond007
+alexis
+1111111
+samson
+5150
+willie
+scorpio
+bonnie
+gators
+benjamin
+voodoo
+driver
+dexter
+2112
+jason
+calvin
+freddy
+212121
+creative
+12345a
+sydney
+rush2112
+1989
+asdfghjk
+red123
+bubba
+4815162342
+passw0rd
+trouble
+gunner
+happy
+fucking
+gordon
+legend
+jessie
+stella
+qwert
+eminem
+arthur
+apple
+nissan
+bullshit
+bear
+america
+1qazxsw2
+nothing
+parker
+4444
+rebecca
+qweqwe
+garfield
+01012011
+beavis
+69696969
+jack
+asdasd
+december
+2222
+102030
+252525
+11223344
+magic
+apollo
+skippy
+315475
+girls
+kitten
+golf
+copper
+braves
+shelby
+godzilla
+beaver
+fred
+tomcat
+august
+buddy
+airborne
+1993
+1988
+lifehack
+qqqqqq
+brooklyn
+animal
+platinum
+phantom
+online
+xavier
+darkness
+blink182
+power
+fish
+green
+789456123
+voyager
+police
+travis
+12qwaszx
+heaven
+snowball
+lover
+abcdef
+00000
+pakistan
+007007
+walter
+playboy
+blazer
+cricket
+sniper
+hooters
+donkey
+willow
+loveme
+saturn
+therock
+redwings
+bigboy
+pumpkin
+trinity
+williams
+tits
+nintendo
+digital
+destiny
+topgun
+runner
+marvin
+guinness
+chance
+bubbles
+testing
+fire
+november
+minecraft
+asdf1234
+lasvegas
+sergey
+broncos
+cartman
+private
+celtic
+birdie
+little
+cassie
+babygirl
+donald
+beatles
+1313
+dickhead
+family
+12121212
+school
+louise
+gabriel
+eclipse
+fluffy
+147258369
+lol123
+explorer
+beer
+nelson
+flyers
+spencer
+scott
+lovely
+gibson
+doggie
+cherry
+andrey
+snickers
+buffalo
+pantera
+metallica
+member
+carter
+qwertyu
+peter
+alexande
+steve
+bronco
+paradise
+goober
+5555
+samuel
+montana
+mexico
+dreams
+michigan
+cock
+carolina
+yankee
+friends
+magnum
+surfer
+poopoo
+maximus
+genius
+cool
+vampire
+lacrosse
+asd123
+aaaa
+christin
+kimberly
+speedy
+sharon
+carmen
+111222
+kristina
+sammy
+racing
+ou812
+sabrina
+horses
+0987654321
+qwerty1
+pimpin
+baby
+stalker
+enigma
+147147
+star
+poohbear
+boobies
+147258
+simple
+bollocks
+12345q
+marcus
+brian
+1987
+qweasdzxc
+drowssap
+hahaha
+caroline
+barbara
+dave
+viper
+drummer
+action
+einstein
+bitches
+genesis
+hello1
+scotty
+friend
+forest
+010203
+hotrod
+google
+vanessa
+spitfire
+badger
+maryjane
+friday
+alaska
+1232323q
+tester
+jester
+jake
+champion
+billy
+147852
+rock
+hawaii
+badass
+chevy
+420420
+walker
+stephen
+eagle1
+bill
+1986
+october
+gregory
+svetlana
+pamela
+1984
+music
+shorty
+westside
+stanley
+diesel
+courtney
+242424
+kevin
+porno
+hitman
+boobs
+mark
+12345qwert
+reddog
+frank
+qwe123
+popcorn
+patricia
+aaaaaaaa
+1969
+teresa
+mozart
+buddha
+anderson
+paul
+melanie
+abcdefg
+security
+lucky1
+lizard
+denise
+3333
+a12345
+123789
+ruslan
+stargate
+simpsons
+scarface
+eagle
+123456789a
+thumper
+olivia
+naruto
+1234554321
+general
+cherokee
+a123456
+vincent
+Usuckballz1
+spooky
+qweasd
+cumshot
+free
+frankie
+douglas
+death
+1980
+loveyou
+kitty
+kelly
+veronica
+suzuki
+semperfi
+penguin
+mercury
+liberty
+spirit
+scotland
+natalie
+marley
+vikings
+system
+sucker
+king
+allison
+marshall
+1979
+098765
+qwerty12
+hummer
+adrian
+1985
+vfhbyf
+sandman
+rocky
+leslie
+antonio
+98765432
+4321
+softball
+passion
+mnbvcxz
+bastard
+passport
+horney
+rascal
+howard
+franklin
+bigred
+assman
+alexander
+homer
+redrum
+jupiter
+claudia
+55555555
+141414
+zaq12wsx
+shit
+patches
+nigger
+cunt
+raider
+infinity
+andre
+54321
+galore
+college
+russia
+kawasaki
+bishop
+77777777
+vladimir
+money1
+freeuser
+wildcats
+francis
+disney
+budlight
+brittany
+1994
+00000000
+sweet
+oksana
+honda
+domino
+bulldogs
+brutus
+swordfis
+norman
+monday
+jimmy
+ironman
+ford
+fantasy
+9999
+7654321
+PASSWORD
+hentai
+duncan
+cougar
+1977
+jeffrey
+house
+dancer
+brooke
+timothy
+super
+marines
+justice
+digger
+connor
+patriots
+karina
+202020
+molly
+everton
+tinker
+alicia
+rasdzv3
+poop
+pearljam
+stinky
+naughty
+colorado
+123123a
+water
+test123
+ncc1701d
+motorola
+ireland
+asdfg
+slut
+matt
+houston
+boogie
+zombie
+accord
+vision
+bradley
+reggie
+kermit
+froggy
+ducati
+avalon
+6666
+9379992
+sarah
+saints
+logitech
+chopper
+852456
+simpson
+madonna
+juventus
+claire
+159951
+zachary
+yfnfif
+wolverin
+warcraft
+hello123
+extreme
+penis
+peekaboo
+fireman
+eugene
+brenda
+123654789
+russell
+panthers
+georgia
+smith
+skyline
+jesus
+elizabet
+spiderma
+smooth
+pirate
+empire
+bullet
+8888
+virginia
+valentin
+psycho
+predator
+arizona
+134679
+mitchell
+alyssa
+vegeta
+titanic
+christ
+goblue
+fylhtq
+wolf
+mmmmmm
+kirill
+indian
+hiphop
+baxter
+awesome
+people
+danger
+roland
+mookie
+741852963
+1111111111
+dreamer
+bambam
+arnold
+1981
+skipper
+serega
+rolltide
+elvis
+changeme
+simon
+1q2w3e
+lovelove
+fktrcfylh
+denver
+tommy
+mine
+loverboy
+hobbes
+happy1
+alison
+nemesis
+chevelle
+cardinal
+burton
+wanker
+picard
+151515
+tweety
+michael1
+147852369
+12312
+xxxx
+windows
+turkey
+456789
+1974
+vfrcbv
+sublime
+1975
+galina
+bobby
+newport
+manutd
+daddy
+american
+alexandr
+1966
+victory
+rooster
+qqq111
+madmax
+electric
+bigcock
+a1b2c3
+wolfpack
+spring
+phpbb
+lalala
+suckme
+spiderman
+eric
+darkside
+classic
+raptor
+123456789q
+hendrix
+1982
+wombat
+avatar
+alpha
+zxc123
+crazy
+hard
+england
+brazil
+1978
+01011980
+wildcat
+polina
+freepass
+carrie
+99999999
+qaz123
+holiday
+fyfcnfcbz
+brother
+taurus
+shaggy
+raymond
+maksim
+gundam
+admin
+vagina
+pretty
+pickle
+good
+chronic
+alabama
+airplane
+22222222
+1976
+1029384756
+01011
+time
+sports
+ronaldo
+pandora
+cheyenne
+caesar
+billybob
+bigman
+1968
+124578
+snowman
+lawrence
+kenneth
+horse
+france
+bondage
+perfect
+kristen
+devils
+alpha1
+pussycat
+kodiak
+flowers
+1973
+01012000
+leather
+amber
+gracie
+chocolat
+bubba1
+catch22
+business
+2323
+1983
+cjkysirj
+1972
+123qweasd
+ytrewq
+wolves
+stingray
+ssssss
+serenity
+ronald
+greenday
+135790
+010101
+tiger1
+sunset
+charlie1
+berlin
+bbbbbb
+171717
+panzer
+lincoln
+katana
+firebird
+blizzard
+a1b2c3d4
+white
+sterling
+redhead
+password123
+candy
+anna
+142536
+sasha
+pyramid
+outlaw
+hercules
+garcia
+454545
+trevor
+teens
+maria
+kramer
+girl
+popeye
+pontiac
+hardon
+dude
+aaaaa
+323232
+tarheels
+honey
+cobra
+buddy1
+remember
+lickme
+detroit
+clinton
+basketball
+zeppelin
+whynot
+swimming
+strike
+service
+pavilion
+michele
+engineer
+dodgers
+britney
+bobafett
+adam
+741852
+21122112
+xxxxx
+robbie
+miranda
+456123
+future
+darkstar
+icecream
+connie
+1970
+jones
+hellfire
+fisher
+fireball
+apache
+fuckit
+blonde
+bigmac
+abcd
+morris
+angel1
+666999
+321321
+simone
+rockstar
+flash
+defender
+1967
+wallace
+trooper
+oscar
+norton
+casino
+cancer
+beauty
+weasel
+savage
+raven
+harvey
+bowling
+246810
+wutang
+theone
+swordfish
+stewart
+airforce
+abcdefgh
+nipples
+nastya
+jenny
+hacker
+753951
+amateur
+viktor
+srinivas
+maxima
+lennon
+freddie
+bluebird
+qazqaz
+presario
+pimp
+packard
+mouse
+looking
+lesbian
+jeff
+cheryl
+2001
+wrangler
+sandy
+machine
+lights
+eatme
+control
+tattoo
+precious
+harrison
+duke
+beach
+tornado
+tanner
+goldfish
+catfish
+openup
+manager
+1971
+street
+Soso123aljg
+roscoe
+paris
+natali
+light
+julian
+jerry
+dilbert
+dbrnjhbz
+chris1
+atlanta
+xfiles
+thailand
+sailor
+pussies
+pervert
+lucifer
+longhorn
+enjoy
+dragons
+young
+target
+elaine
+dustin
+123qweasdzxc
+student
+madman
+lisa
+integra
+wordpass
+prelude
+newton
+lolita
+ladies
+hawkeye
+corona
+bubble
+31415926
+trigger
+spike
+katie
+iloveu
+herman
+design
+cannon
+999999999
+video
+stealth
+shooter
+nfnmzyf
+hottie
+browns
+314159
+trucks
+malibu
+bruins
+bobcat
+barbie
+1964
+orlando
+letmein1
+freaky
+foobar
+cthutq
+baller
+unicorn
+scully
+pussy1
+potter
+cookies
+pppppp
+philip
+gogogo
+elena
+country
+assassin
+1010
+zaqwsx
+testtest
+peewee
+moose
+microsoft
+teacher
+sweety
+stefan
+stacey
+shotgun
+random
+laura
+hooker
+dfvgbh
+devildog
+chipper
+athena
+winnie
+valentina
+pegasus
+kristin
+fetish
+butterfly
+woody
+swinger
+seattle
+lonewolf
+joker
+booty
+babydoll
+atlantis
+tony
+powers
+polaris
+montreal
+angelina
+77777
+tickle
+regina
+pepsi
+gizmo
+express
+dollar
+squirt
+shamrock
+knicks
+hotstuff
+balls
+transam
+stinger
+smiley
+ryan
+redneck
+mistress
+hjvfirf
+cessna
+bunny
+toshiba
+single
+piglet
+fucked
+father
+deftones
+coyote
+castle
+cadillac
+blaster
+valerie
+samurai
+oicu812
+lindsay
+jasmin
+james1
+ficken
+blahblah
+birthday
+1234abcd
+01011990
+sunday
+manson
+flipper
+asdfghj
+181818
+wicked
+great
+daisy
+babes
+skeeter
+reaper
+maddie
+cavalier
+veronika
+trucker
+qazwsx123
+mustang1
+goldberg
+escort
+12345678910
+wolfgang
+rocks
+mylove
+mememe
+lancer
+ibanez
+travel
+sugar
+snake
+sister
+siemens
+savannah
+minnie
+leonardo
+basketba
+1963
+trumpet
+texas
+rocky1
+galaxy
+cristina
+aardvark
+shelly
+hotsex
+goldie
+fatboy
+benson
+321654
+141627
+sweetpea
+ronnie
+indigo
+13131313
+spartan
+roberto
+hesoyam
+freeman
+freedom1
+fredfred
+pizza
+manchester
+lestat
+kathleen
+hamilton
+erotic
+blabla
+22222
+1995
+skater
+pencil
+passwor
+larisa
+hornet
+hamlet
+gambit
+fuckyou2
+alfred
+456456
+sweetie
+marino
+lollol
+565656
+techno
+special
+renegade
+insane
+indiana
+farmer
+drpepper
+blondie
+bigboobs
+272727
+1a2b3c
+valera
+storm
+seven
+rose
+nick
+mister
+karate
+casey
+1qaz2wsx3edc
+1478963
+maiden
+julie
+curtis
+colors
+christia
+buckeyes
+13579
+0123456789
+toronto
+stephani
+pioneer
+kissme
+jungle
+jerome
+holland
+harry
+garden
+enterpri
+dragon1
+diamonds
+chrissy
+bigone
+343434
+wonder
+wetpussy
+subaru
+smitty
+racecar
+pascal
+morpheus
+joanne
+irina
+indians
+impala
+hamster
+charger
+change
+bigfoot
+babylon
+66666666
+timber
+redman
+pornstar
+bernie
+tomtom
+thuglife
+millie
+buckeye
+aaron
+virgin
+tristan
+stormy
+rusty
+pierre
+napoleon
+monkey1
+highland
+chiefs
+chandler
+catdog
+aurora
+1965
+trfnthbyf
+sampson
+nipple
+dudley
+cream
+consumer
+burger
+brandi
+welcome1
+triumph
+joejoe
+hunting
+dirty
+caserta
+brown
+aragorn
+363636
+mariah
+element
+chichi
+2121
+123qwe123
+wrinkle1
+smoke
+omega
+monika
+leonard
+justme
+hobbit
+gloria
+doggy
+chicks
+bass
+audrey
+951753
+51505150
+11235813
+sakura
+philips
+griffin
+butterfl
+artist
+66666
+island
+goforit
+emerald
+elizabeth
+anakin
+watson
+poison
+none
+italia
+callie
+bobbob
+autumn
+andreas
+123
+sherlock
+q12345
+pitbull
+marathon
+kelsey
+inside
+german
+blackie
+access14
+123asd
+zipper
+overlord
+nadine
+marie
+basket
+trombone
+stones
+sammie
+nugget
+naked
+kaiser
+isabelle
+huskers
+bomber
+barcelona
+babylon5
+babe
+alpine
+weed
+ultimate
+pebbles
+nicolas
+marion
+loser
+linda
+eddie
+wesley
+warlock
+tyler
+goddess
+fatcat
+energy
+david1
+bassman
+yankees1
+whore
+trojan
+trixie
+superfly
+kkkkkk
+ybrbnf
+warren
+sophia
+sidney
+pussys
+nicola
+campbell
+vfvjxrf
+singer
+shirley
+qawsed
+paladin
+martha
+karen
+help
+harold
+geronimo
+forget
+concrete
+191919
+westham
+soldier
+q1w2e3r4t5y6
+poiuyt
+nikki
+mario
+juice
+jessica1
+global
+dodger
+123454321
+webster
+titans
+tintin
+tarzan
+sexual
+sammy1
+portugal
+onelove
+marcel
+manuel
+madness
+jjjjjj
+holly
+christy
+424242
+yvonne
+sundance
+sex4me
+pleasure
+logan
+danny
+wwwwww
+truck
+spartak
+smile
+michel
+history
+Exigen
+65432
+1234321
+sherry
+sherman
+seminole
+rommel
+network
+ladybug
+isabella
+holden
+harris
+germany
+fktrctq
+cotton
+angelo
+14789632
+sergio
+qazxswedc
+moon
+jesus1
+trunks
+snakes
+sluts
+kingkong
+bluesky
+archie
+adgjmptw
+911911
+112358
+sunny
+suck
+snatch
+planet
+panama
+ncc1701e
+mongoose
+head
+hansolo
+desire
+alejandr
+1123581321
+whiskey
+waters
+teen
+party
+martina
+margaret
+january
+connect
+bluemoon
+bianca
+andrei
+5555555
+smiles
+nolimit
+long
+assass
+abigail
+555666